Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:4246

Опубликовано: 07 мая 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: container-tools security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
aardvark-dnsx86_641.module+el8.10.0+1815+5fe7415eaardvark-dns-1.10.0-1.module+el8.10.0+1815+5fe7415e.x86_64.rpm
aardvark-dnsx86_641.module+el8.10.0+1872+2e18eb19aardvark-dns-1.10.0-1.module+el8.10.0+1872+2e18eb19.x86_64.rpm
aardvark-dnsx86_641.module+el8.10.0+1843+6892ab28aardvark-dns-1.10.0-1.module+el8.10.0+1843+6892ab28.x86_64.rpm
aardvark-dnsx86_641.module+el8.10.0+1825+623b0c20aardvark-dns-1.10.0-1.module+el8.10.0+1825+623b0c20.x86_64.rpm
buildahx86_641.module+el8.10.0+1833+b6e0f287buildah-1.33.8-1.module+el8.10.0+1833+b6e0f287.x86_64.rpm
buildah-testsx86_641.module+el8.10.0+1833+b6e0f287buildah-tests-1.33.8-1.module+el8.10.0+1833+b6e0f287.x86_64.rpm
cockpit-podmannoarch1.module+el8.10.0+1880+8e896d1bcockpit-podman-84.1-1.module+el8.10.0+1880+8e896d1b.noarch.rpm
cockpit-podmannoarch1.module+el8.10.0+1874+ce489889cockpit-podman-84.1-1.module+el8.10.0+1874+ce489889.noarch.rpm
cockpit-podmannoarch1.module+el8.10.0+1872+2e18eb19cockpit-podman-84.1-1.module+el8.10.0+1872+2e18eb19.noarch.rpm
cockpit-podmannoarch1.module+el8.10.0+1843+6892ab28cockpit-podman-84.1-1.module+el8.10.0+1843+6892ab28.noarch.rpm

Показывать по

Связанные CVE

CVE-2024-24786

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2024-24786

CVSS3: 7.5
ubuntu
почти 2 года назад

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

redhat логотип

CVE-2024-24786

CVSS3: 5.9
redhat
почти 2 года назад

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

nvd логотип

CVE-2024-24786

CVSS3: 7.5
nvd
почти 2 года назад

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

msrc логотип

CVE-2024-24786

CVSS3: 7.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2024-24786

CVSS3: 7.5
debian
почти 2 года назад

The protojson.Unmarshal function can enter an infinite loop when unmar ...