Описание
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
A flaw was found in the golang implementation of the protobuf protocol. This issue occurs when parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input, which will cause a panic.
Отчет
Red Hat does not include the affected version (v1.29.0) in any of its software.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cost Management Metrics Operator | costmanagement/costmanagement-metrics-rhel8-operator | Not affected | ||
| Cryostat 2 | cryostat-tech-preview/cryostat-rhel8-operator | Not affected | ||
| OpenShift Serverless | openshift-serverless-1-cli | Not affected | ||
| OpenShift Serverless | openshift-serverless-1-eventing | Not affected | ||
| OpenShift Serverless | openshift-serverless-1-serving | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-apicast-operator-bundle-container | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-apicast-operator-container | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-operator-bundle-container | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-operator-container | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | multicloud-operators-foundation | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
Parsing invalid messages can panic. Parsing a text-format message whic ...
google.golang.org/protobuf vulnerable to panic leading to denial of service
EPSS
7.5 High
CVSS3