Description
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
A flaw was found in golang-github-buger-jsonparser. The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a delete call. The highest threat from this vulnerability is to system availability.
Report
The OpenShift Container Platform 4 (OCP) containers file-integrity-rhel8-operator, cnf-tests-rhel8 and ose-container-networking-plugins-rhel8 do have some references to github.com/buger/jsonparser, mainly in their go.sum files. However, it is not included in the final go build. It is also a dependency of the dependency github.com/containernetworking/plugins, which only includes buger/jsonparser when compiling for Windows, which these containers do not. Hence, the associated containers have been marked not affected.
The OpenShift Virtualization cnv-containernetworking-plugins container depends on github.com/buger/jsonparser only when built for Windows, which it is not, thus it is not affected. Other OpenShift Virtualization containers (virt-api, virt-controller, virt-handler, virt-launcher, virt-operator, kubernetes-nmstate-handler, ovs-cni-marker, ovs-cni-plugin, kubemacpool, hyperconverged-cluster-operator) have references to github.com/buger/jsonparser; however, it is not included in the final go build.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | jsonparser | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/cnf-tests-rhel8 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/file-integrity-rhel8-operator | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-container-networking-plugins-rhel8 | Not affected | | |
| Red Hat OpenShift Virtualization 2 | cnv-containernetworking-plugins | Not affected | | |
| Red Hat OpenShift Virtualization 2 | hyperconverged-cluster-operator | Not affected | | |
| Red Hat OpenShift Virtualization 2 | kubemacpool | Not affected | | |
| Red Hat OpenShift Virtualization 2 | kubernetes-nmstate-handler | Not affected | | |
| Red Hat OpenShift Virtualization 2 | ovs-cni-marker | Not affected | | |
| Red Hat OpenShift Virtualization 2 | ovs-cni-plugin | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 7.5 High