VDB
RHSA-2024%3A1507
RHSA-2024%3A1507
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:6ae915675e46fa073915bd06b9c579dc23cca6de95ad3491d9278aab4e54d65c_ppc64le as a component of RHOL 5.6 for RHEL 8 | openshift-logging/elasticsearch-proxy-rhel8@sha256:6ae915675e46fa073915bd06b9c579dc23cca6de95ad3491d9278aab4e54d65c_ppc64le, openshift-logging/elasticsearch-proxy-rhel8@sha256:6ae915675e46fa073915bd06b9c579dc23cca6de95ad3491d9278aab4e54d65c_ppc64le, openshift-logging/elasticsearch-proxy-rhel8@sha256:6ae915675e46fa073915bd06b9c579dc23cca6de95ad3491d9278aab4e54d65c_ppc64le |
| Red Hat | openshift-logging/logging-view-plugin-rhel8@sha256:4d10333330aab3ffc390b59cf12db13c3c38c5d96589935b712dd55fa408e8b8_arm64 as a component of RHOL 5.6 for RHEL 8 | openshift-logging/logging-view-plugin-rhel8@sha256:4d10333330aab3ffc390b59cf12db13c3c38c5d96589935b712dd55fa408e8b8_arm64, openshift-logging/logging-view-plugin-rhel8@sha256:4d10333330aab3ffc390b59cf12db13c3c38c5d96589935b712dd55fa408e8b8_arm64, openshift-logging/logging-view-plugin-rhel8@sha256:4d10333330aab3ffc390b59cf12db13c3c38c5d96589935b712dd55fa408e8b8_arm64 |
| Red Hat | openshift-logging/lokistack-gateway-rhel8@sha256:f8532b7c06d552ddfef7f6e2ce18f09f85c777161a0d10ff42b79569a82929ef_ppc64le as a component of RHOL 5.6 for RHEL 8 | *, *, openshift-logging/lokistack-gateway-rhel8@sha256:f8532b7c06d552ddfef7f6e2ce18f09f85c777161a0d10ff42b79569a82929ef_ppc64le |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:cf15a2fd2897ad10c1f3f839071b82cfaafb80ba8257aa1628d982bd40108c6b_arm64 as a component of RHOL 5.6 for RHEL 8 | openshift-logging/cluster-logging-rhel8-operator@sha256:cf15a2fd2897ad10c1f3f839071b82cfaafb80ba8257aa1628d982bd40108c6b_arm64, openshift-logging/cluster-logging-rhel8-operator@sha256:cf15a2fd2897ad10c1f3f839071b82cfaafb80ba8257aa1628d982bd40108c6b_arm64, openshift-logging/cluster-logging-rhel8-operator@sha256:cf15a2fd2897ad10c1f3f839071b82cfaafb80ba8257aa1628d982bd40108c6b_arm64 |
| Red Hat | openshift-logging/lokistack-gateway-rhel8@sha256:547087c3e18f9c2797d7c95a7fcef6d763b3252cc4f74df3e8b60891619a09e3_arm64 as a component of RHOL 5.6 for RHEL 8 | openshift-logging/lokistack-gateway-rhel8@sha256:547087c3e18f9c2797d7c95a7fcef6d763b3252cc4f74df3e8b60891619a09e3_arm64, openshift-logging/lokistack-gateway-rhel8@sha256:547087c3e18f9c2797d7c95a7fcef6d763b3252cc4f74df3e8b60891619a09e3_arm64, * |
| Red Hat | openshift-logging/opa-openshift-rhel8@sha256:7f20391bf7b64ee9c5c648389bb23474b1113c4fe18b5ecc2d161fc1bad2faad_ppc64le as a component of RHOL 5.6 for RHEL 8 | openshift-logging/opa-openshift-rhel8@sha256:7f20391bf7b64ee9c5c648389bb23474b1113c4fe18b5ecc2d161fc1bad2faad_ppc64le, openshift-logging/opa-openshift-rhel8@sha256:7f20391bf7b64ee9c5c648389bb23474b1113c4fe18b5ecc2d161fc1bad2faad_ppc64le, openshift-logging/opa-openshift-rhel8@sha256:7f20391bf7b64ee9c5c648389bb23474b1113c4fe18b5ecc2d161fc1bad2faad_ppc64le |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:2a46395c536f5a952e988db2ac0b28a90c9c0825a7be04ee15a06dde00d29eca_amd64 as a component of RHOL 5.6 for RHEL 8 | openshift-logging/elasticsearch-rhel8-operator@sha256:2a46395c536f5a952e988db2ac0b28a90c9c0825a7be04ee15a06dde00d29eca_amd64, openshift-logging/elasticsearch-rhel8-operator@sha256:2a46395c536f5a952e988db2ac0b28a90c9c0825a7be04ee15a06dde00d29eca_amd64, openshift-logging/elasticsearch-rhel8-operator@sha256:2a46395c536f5a952e988db2ac0b28a90c9c0825a7be04ee15a06dde00d29eca_amd64 |
| Red Hat | openshift-logging/loki-operator-bundle@sha256:795bd99dcd28369ba888c6f473e73ac2490e289f95e09be13123aab52eb3ddd2_amd64 as a component of RHOL 5.6 for RHEL 8 | openshift-logging/loki-operator-bundle@sha256:795bd99dcd28369ba888c6f473e73ac2490e289f95e09be13123aab52eb3ddd2_amd64, *, openshift-logging/loki-operator-bundle@sha256:795bd99dcd28369ba888c6f473e73ac2490e289f95e09be13123aab52eb3ddd2_amd64 |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:c3067f4ef5300b5b384a6682865b5f78e354e0e732884790ea36efddec70854a_ppc64le as a component of RHOL 5.6 for RHEL 8 | *, openshift-logging/cluster-logging-rhel8-operator@sha256:c3067f4ef5300b5b384a6682865b5f78e354e0e732884790ea36efddec70854a_ppc64le, openshift-logging/cluster-logging-rhel8-operator@sha256:c3067f4ef5300b5b384a6682865b5f78e354e0e732884790ea36efddec70854a_ppc64le |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:4036b235152b5713e8cc0aabd65351e8d0c161ba208eef87bdd75ea12f4a8ee5_ppc64le as a component of RHOL 5.6 for RHEL 8 | *, openshift-logging/eventrouter-rhel8@sha256:4036b235152b5713e8cc0aabd65351e8d0c161ba208eef87bdd75ea12f4a8ee5_ppc64le, openshift-logging/eventrouter-rhel8@sha256:4036b235152b5713e8cc0aabd65351e8d0c161ba208eef87bdd75ea12f4a8ee5_ppc64le |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:9f9f2ae1ef427a0cc34bf997ebe9cc0386b0e6eddb59ae7fbe4f799fa4ca7955_s390x as a component of RHOL 5.6 for RHEL 8 | openshift-logging/eventrouter-rhel8@sha256:9f9f2ae1ef427a0cc34bf997ebe9cc0386b0e6eddb59ae7fbe4f799fa4ca7955_s390x, *, openshift-logging/eventrouter-rhel8@sha256:9f9f2ae1ef427a0cc34bf997ebe9cc0386b0e6eddb59ae7fbe4f799fa4ca7955_s390x |
| Red Hat | openshift-logging/loki-rhel8-operator@sha256:d6181fd3dec1a952fbb02592053ee96553f2cbe8eec81be6ef98a2b3bbaa266d_s390x as a component of RHOL 5.6 for RHEL 8 | *, openshift-logging/loki-rhel8-operator@sha256:d6181fd3dec1a952fbb02592053ee96553f2cbe8eec81be6ef98a2b3bbaa266d_s390x, openshift-logging/loki-rhel8-operator@sha256:d6181fd3dec1a952fbb02592053ee96553f2cbe8eec81be6ef98a2b3bbaa266d_s390x |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:5714b90eb7ceb617aa5bd9b40d994a9f2e6b88035250db195c7320ed5aee0821_s390x as a component of RHOL 5.6 for RHEL 8 | openshift-logging/elasticsearch-proxy-rhel8@sha256:5714b90eb7ceb617aa5bd9b40d994a9f2e6b88035250db195c7320ed5aee0821_s390x, openshift-logging/elasticsearch-proxy-rhel8@sha256:5714b90eb7ceb617aa5bd9b40d994a9f2e6b88035250db195c7320ed5aee0821_s390x, openshift-logging/elasticsearch-proxy-rhel8@sha256:5714b90eb7ceb617aa5bd9b40d994a9f2e6b88035250db195c7320ed5aee0821_s390x |
| Red Hat | openshift-logging/logging-loki-rhel8@sha256:1ab1569dc03fa6f32c5f9e86a5f5d1955c280a72262830e9f349e037deaadb4d_s390x as a component of RHOL 5.6 for RHEL 8 | openshift-logging/logging-loki-rhel8@sha256:1ab1569dc03fa6f32c5f9e86a5f5d1955c280a72262830e9f349e037deaadb4d_s390x, openshift-logging/logging-loki-rhel8@sha256:1ab1569dc03fa6f32c5f9e86a5f5d1955c280a72262830e9f349e037deaadb4d_s390x, openshift-logging/logging-loki-rhel8@sha256:1ab1569dc03fa6f32c5f9e86a5f5d1955c280a72262830e9f349e037deaadb4d_s390x |
| Red Hat | openshift-logging/vector-rhel8@sha256:955b4863e053e0d53b8eb7f1611662d91d2e3774758e6ec01f0661e0a6b84568_amd64 as a component of RHOL 5.6 for RHEL 8 | openshift-logging/vector-rhel8@sha256:955b4863e053e0d53b8eb7f1611662d91d2e3774758e6ec01f0661e0a6b84568_amd64, *, openshift-logging/vector-rhel8@sha256:955b4863e053e0d53b8eb7f1611662d91d2e3774758e6ec01f0661e0a6b84568_amd64 |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:c3067f4ef5300b5b384a6682865b5f78e354e0e732884790ea36efddec70854a_ppc64le as a component of RHOL 5.6 for RHEL 8 | openshift-logging/cluster-logging-rhel8-operator@sha256:c3067f4ef5300b5b384a6682865b5f78e354e0e732884790ea36efddec70854a_ppc64le, *, openshift-logging/cluster-logging-rhel8-operator@sha256:c3067f4ef5300b5b384a6682865b5f78e354e0e732884790ea36efddec70854a_ppc64le |
| Red Hat | openshift-logging/opa-openshift-rhel8@sha256:5d43ced62c567970e7104ee6958ff911faf1c5ea91b0e84a6af256fc8d80882a_arm64 as a component of RHOL 5.6 for RHEL 8 | *, *, * |
| Red Hat | openshift-logging/loki-rhel8-operator@sha256:2d2a02f16c6187a0312b7bb45f4c2ea50b4b5ffeef67c4df0c6f1a8c6b65ccb6_arm64 as a component of RHOL 5.6 for RHEL 8 | openshift-logging/loki-rhel8-operator@sha256:2d2a02f16c6187a0312b7bb45f4c2ea50b4b5ffeef67c4df0c6f1a8c6b65ccb6_arm64, openshift-logging/loki-rhel8-operator@sha256:2d2a02f16c6187a0312b7bb45f4c2ea50b4b5ffeef67c4df0c6f1a8c6b65ccb6_arm64, openshift-logging/loki-rhel8-operator@sha256:2d2a02f16c6187a0312b7bb45f4c2ea50b4b5ffeef67c4df0c6f1a8c6b65ccb6_arm64 |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:ecf254af359f839bb766ab80b3d991078a9d7464168af9f9b34ca6ddfc7a79bc_amd64 as a component of RHOL 5.6 for RHEL 8 | openshift-logging/eventrouter-rhel8@sha256:ecf254af359f839bb766ab80b3d991078a9d7464168af9f9b34ca6ddfc7a79bc_amd64, openshift-logging/eventrouter-rhel8@sha256:ecf254af359f839bb766ab80b3d991078a9d7464168af9f9b34ca6ddfc7a79bc_amd64, openshift-logging/eventrouter-rhel8@sha256:ecf254af359f839bb766ab80b3d991078a9d7464168af9f9b34ca6ddfc7a79bc_amd64 |
| Red Hat | openshift-logging/elasticsearch-operator-bundle@sha256:2f1b84d5033a17fe7ef009173a2515d83d787b529df5cbf55bb612bd8478559b_amd64 as a component of RHOL 5.6 for RHEL 8 | openshift-logging/elasticsearch-operator-bundle@sha256:2f1b84d5033a17fe7ef009173a2515d83d787b529df5cbf55bb612bd8478559b_amd64, *, openshift-logging/elasticsearch-operator-bundle@sha256:2f1b84d5033a17fe7ef009173a2515d83d787b529df5cbf55bb612bd8478559b_amd64 |
…and 106 more
Timeline
- Mar 27, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:1507 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268046 issue
- https://issues.redhat.com/browse/LOG-5203 advisory
- https://issues.redhat.com/browse/LOG-5242 advisory
- https://issues.redhat.com/browse/LOG-5252 advisory
- https://issues.redhat.com/browse/LOG-5276 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1507.json advisory
- https://access.redhat.com/security/cve/CVE-2024-24786 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-24786 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-24786 advisory
- https://go.dev/cl/569356 advisory
- https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ advisory
- https://pkg.go.dev/vuln/GO-2024-2611 advisory