76 matches found
AlmaLinux 8 : container-tools (ALSA-2024:4246)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4246 advisory. golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON CVE-2024-24786...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2031-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2031-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated...
Medium: cri-tools
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
Medium: amazon-cloudwatch-agent
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
Medium: amazon-cloudwatch-agent
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
ROS-20240522-06
A vulnerability in the protojson.Unmarshal function of the Golang programming language is related to an infinite loop when unmarshaling of certain JSON forms. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
ALSA-2024:2549 Moderate: skopeo security and bug fix update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms...
Moderate: skopeo security and bug fix update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms...
CentOS 7 : rhc-worker-script (RHSA-2024:1874)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1874 advisory. - The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a...
OESA-2024-1381 cri-tools security update
CLI and validation tools for Container Runtime Interface Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723 A malicious HTTP/2 client which...
OESA-2024-1380 cri-tools security update
CLI and validation tools for Container Runtime Interface Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723 A malicious HTTP/2 client which...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
RHCOS 4 : OpenShift Container Platform 4.12.54 (RHSA-2024:1574)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1574 advisory. - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 - golang-protobuf:...
RHEL 8 / 9 : OpenShift Container Platform 4.12.54 (RHSA-2024:1574)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1574 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...