Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-45338

Опубликовано: 18 дек. 2024
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.

Отчет

This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-controller-rhel9Affected
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-git-cloner-rhel9Affected
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-image-bundler-rhel9Affected
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-image-processing-rhel9Affected
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-waiters-rhel9Affected
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-webhook-rhel9Affected
cert-manager Operator for Red Hat OpenShiftcert-manager/jetstack-cert-manager-rhel9Affected
Custom Metric Autoscaler operator for Red Hat Openshiftcustom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8Will not fix
Custom Metric Autoscaler operator for Red Hat Openshiftcustom-metrics-autoscaler/custom-metrics-autoscaler-rhel8Will not fix
Custom Metric Autoscaler operator for Red Hat Openshiftcustom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2333122golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

EPSS

Процентиль: 38%
0.00159
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-45338

CVSS3: 5.3
ubuntu
6 месяцев назад

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

nvd логотип

CVE-2024-45338

CVSS3: 5.3
nvd
6 месяцев назад

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

msrc логотип

CVE-2024-45338

CVSS3: 5.3
msrc
5 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-45338

CVSS3: 5.3
debian
6 месяцев назад

An attacker can craft an input to the Parse functions that would be pr ...

redos логотип

ROS-20250128-03

CVSS3: 5.3
redos
5 месяцев назад

Уязвимость golang-x-net-devel

EPSS

Процентиль: 38%
0.00159
Низкий

7.5 High

CVSS3

Уязвимость CVE-2024-45338