VDB
RHSA-2024%3A1508
RHSA-2024%3A1508
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/opa-openshift-rhel8@sha256:c12fa22f7d4c63be9023a92b9dfc776201d533df4d17dde3f95e29199d6f3edb_arm64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/opa-openshift-rhel8@sha256:c12fa22f7d4c63be9023a92b9dfc776201d533df4d17dde3f95e29199d6f3edb_arm64, *, openshift-logging/opa-openshift-rhel8@sha256:c12fa22f7d4c63be9023a92b9dfc776201d533df4d17dde3f95e29199d6f3edb_arm64 |
| Red Hat | openshift-logging/cluster-logging-operator-bundle@sha256:32c00839a9feaf7d3a3365a62562f0348fc3d72f9c8052616539d0161d88a574_amd64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/cluster-logging-operator-bundle@sha256:32c00839a9feaf7d3a3365a62562f0348fc3d72f9c8052616539d0161d88a574_amd64, openshift-logging/cluster-logging-operator-bundle@sha256:32c00839a9feaf7d3a3365a62562f0348fc3d72f9c8052616539d0161d88a574_amd64, * |
| Red Hat | openshift-logging/loki-operator-bundle@sha256:613928b1bba576ae6b13d619e2623bcf2f8dc16c977e728a49d08b55ecbc143e_amd64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/loki-operator-bundle@sha256:613928b1bba576ae6b13d619e2623bcf2f8dc16c977e728a49d08b55ecbc143e_amd64, *, openshift-logging/loki-operator-bundle@sha256:613928b1bba576ae6b13d619e2623bcf2f8dc16c977e728a49d08b55ecbc143e_amd64 |
| Red Hat | openshift-logging/loki-rhel8-operator@sha256:699042d45b6b856f9382d07cd4f619344462cdada08209975f9a60275bf34fb3_ppc64le as a component of RHOL 5.7 for RHEL 8 | openshift-logging/loki-rhel8-operator@sha256:699042d45b6b856f9382d07cd4f619344462cdada08209975f9a60275bf34fb3_ppc64le, *, * |
| Red Hat | openshift-logging/opa-openshift-rhel8@sha256:e538b691d35338e1d64c54524f43cc1f94ed75334b89d2d783178871f533528b_s390x as a component of RHOL 5.7 for RHEL 8 | openshift-logging/opa-openshift-rhel8@sha256:e538b691d35338e1d64c54524f43cc1f94ed75334b89d2d783178871f533528b_s390x, openshift-logging/opa-openshift-rhel8@sha256:e538b691d35338e1d64c54524f43cc1f94ed75334b89d2d783178871f533528b_s390x, openshift-logging/opa-openshift-rhel8@sha256:e538b691d35338e1d64c54524f43cc1f94ed75334b89d2d783178871f533528b_s390x |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:fd7654b10bdd6ead25e848bff1138d1a7296394e32931ab69b61699ef58fca80_s390x as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch-proxy-rhel8@sha256:fd7654b10bdd6ead25e848bff1138d1a7296394e32931ab69b61699ef58fca80_s390x, *, openshift-logging/elasticsearch-proxy-rhel8@sha256:fd7654b10bdd6ead25e848bff1138d1a7296394e32931ab69b61699ef58fca80_s390x |
| Red Hat | openshift-logging/vector-rhel8@sha256:5adca80c657297effd898bbf8a7be459498dad01b744a40b67569ea38c7c671d_amd64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/vector-rhel8@sha256:5adca80c657297effd898bbf8a7be459498dad01b744a40b67569ea38c7c671d_amd64, *, * |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:fd7654b10bdd6ead25e848bff1138d1a7296394e32931ab69b61699ef58fca80_s390x as a component of RHOL 5.7 for RHEL 8 | *, openshift-logging/elasticsearch-proxy-rhel8@sha256:fd7654b10bdd6ead25e848bff1138d1a7296394e32931ab69b61699ef58fca80_s390x, openshift-logging/elasticsearch-proxy-rhel8@sha256:fd7654b10bdd6ead25e848bff1138d1a7296394e32931ab69b61699ef58fca80_s390x |
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:3ea949120cf831fdd3d17ab0db9ecdc3285bcc1b35513810aab87d277f04dd22_ppc64le as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch6-rhel8@sha256:3ea949120cf831fdd3d17ab0db9ecdc3285bcc1b35513810aab87d277f04dd22_ppc64le, openshift-logging/elasticsearch6-rhel8@sha256:3ea949120cf831fdd3d17ab0db9ecdc3285bcc1b35513810aab87d277f04dd22_ppc64le, openshift-logging/elasticsearch6-rhel8@sha256:3ea949120cf831fdd3d17ab0db9ecdc3285bcc1b35513810aab87d277f04dd22_ppc64le |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:5b6290114350d5e397feb4229fafacf6dedf182512610ddcfc96297e7ef7f13c_arm64 as a component of RHOL 5.7 for RHEL 8 | *, openshift-logging/kibana6-rhel8@sha256:5b6290114350d5e397feb4229fafacf6dedf182512610ddcfc96297e7ef7f13c_arm64, openshift-logging/kibana6-rhel8@sha256:5b6290114350d5e397feb4229fafacf6dedf182512610ddcfc96297e7ef7f13c_arm64 |
| Red Hat | openshift-logging/logging-curator5-rhel8@sha256:2ee6beb9fa9b3fbc80b81093ac5a198cc6f7b7cdc5c1d17c5c8acff928ba400e_arm64 as a component of RHOL 5.7 for RHEL 8 | *, openshift-logging/logging-curator5-rhel8@sha256:2ee6beb9fa9b3fbc80b81093ac5a198cc6f7b7cdc5c1d17c5c8acff928ba400e_arm64, openshift-logging/logging-curator5-rhel8@sha256:2ee6beb9fa9b3fbc80b81093ac5a198cc6f7b7cdc5c1d17c5c8acff928ba400e_arm64 |
| Red Hat | openshift-logging/loki-rhel8-operator@sha256:be1a90981d1af1f8a7b4eca032e900b0d5518dd334b88e09d2244eaab3c1b2ae_s390x as a component of RHOL 5.7 for RHEL 8 | openshift-logging/loki-rhel8-operator@sha256:be1a90981d1af1f8a7b4eca032e900b0d5518dd334b88e09d2244eaab3c1b2ae_s390x, openshift-logging/loki-rhel8-operator@sha256:be1a90981d1af1f8a7b4eca032e900b0d5518dd334b88e09d2244eaab3c1b2ae_s390x, openshift-logging/loki-rhel8-operator@sha256:be1a90981d1af1f8a7b4eca032e900b0d5518dd334b88e09d2244eaab3c1b2ae_s390x |
| Red Hat | openshift-logging/cluster-logging-operator-bundle@sha256:32c00839a9feaf7d3a3365a62562f0348fc3d72f9c8052616539d0161d88a574_amd64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/cluster-logging-operator-bundle@sha256:32c00839a9feaf7d3a3365a62562f0348fc3d72f9c8052616539d0161d88a574_amd64, *, openshift-logging/cluster-logging-operator-bundle@sha256:32c00839a9feaf7d3a3365a62562f0348fc3d72f9c8052616539d0161d88a574_amd64 |
| Red Hat | openshift-logging/logging-view-plugin-rhel8@sha256:cd30d04309e4b42da34a8c93e3c3a66228c72b692404527b7fbedac7bf671223_ppc64le as a component of RHOL 5.7 for RHEL 8 | *, openshift-logging/logging-view-plugin-rhel8@sha256:cd30d04309e4b42da34a8c93e3c3a66228c72b692404527b7fbedac7bf671223_ppc64le, openshift-logging/logging-view-plugin-rhel8@sha256:cd30d04309e4b42da34a8c93e3c3a66228c72b692404527b7fbedac7bf671223_ppc64le |
| Red Hat | openshift-logging/logging-view-plugin-rhel8@sha256:cd30d04309e4b42da34a8c93e3c3a66228c72b692404527b7fbedac7bf671223_ppc64le as a component of RHOL 5.7 for RHEL 8 | *, *, openshift-logging/logging-view-plugin-rhel8@sha256:cd30d04309e4b42da34a8c93e3c3a66228c72b692404527b7fbedac7bf671223_ppc64le |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:b057d736376423a5c35ddd69b40602b6bb833e2c2953eea5c33e96b94b06a239_s390x as a component of RHOL 5.7 for RHEL 8 | *, openshift-logging/eventrouter-rhel8@sha256:b057d736376423a5c35ddd69b40602b6bb833e2c2953eea5c33e96b94b06a239_s390x, openshift-logging/eventrouter-rhel8@sha256:b057d736376423a5c35ddd69b40602b6bb833e2c2953eea5c33e96b94b06a239_s390x |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel8@sha256:901533ccc6e769669c31b4e8b401a0929ee27451a08da20fe01c136e0801f8c8_arm64 as a component of RHOL 5.7 for RHEL 8 | *, openshift-logging/log-file-metric-exporter-rhel8@sha256:901533ccc6e769669c31b4e8b401a0929ee27451a08da20fe01c136e0801f8c8_arm64, openshift-logging/log-file-metric-exporter-rhel8@sha256:901533ccc6e769669c31b4e8b401a0929ee27451a08da20fe01c136e0801f8c8_arm64 |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:1672439fe0725842fd7dfaed85acaa917e5e11fc4b4cbd2ee47f63247fe6df83_ppc64le as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch-proxy-rhel8@sha256:1672439fe0725842fd7dfaed85acaa917e5e11fc4b4cbd2ee47f63247fe6df83_ppc64le, openshift-logging/elasticsearch-proxy-rhel8@sha256:1672439fe0725842fd7dfaed85acaa917e5e11fc4b4cbd2ee47f63247fe6df83_ppc64le, openshift-logging/elasticsearch-proxy-rhel8@sha256:1672439fe0725842fd7dfaed85acaa917e5e11fc4b4cbd2ee47f63247fe6df83_ppc64le |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:f30221a22d9863f3fd88828733e2ffa81dc85da886b46fb3aa4324288f58a2ab_arm64 as a component of RHOL 5.7 for RHEL 8 | *, *, openshift-logging/eventrouter-rhel8@sha256:f30221a22d9863f3fd88828733e2ffa81dc85da886b46fb3aa4324288f58a2ab_arm64 |
| Red Hat | openshift-logging/vector-rhel8@sha256:a80831d09c8d469174a9f69e77860ce686bd3b938f9f4d0b0323ac5f296d2dca_ppc64le as a component of RHOL 5.7 for RHEL 8 | *, openshift-logging/vector-rhel8@sha256:a80831d09c8d469174a9f69e77860ce686bd3b938f9f4d0b0323ac5f296d2dca_ppc64le, openshift-logging/vector-rhel8@sha256:a80831d09c8d469174a9f69e77860ce686bd3b938f9f4d0b0323ac5f296d2dca_ppc64le |
…and 106 more
Timeline
- Mar 27, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:1508 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268046 issue
- https://issues.redhat.com/browse/LOG-5172 advisory
- https://issues.redhat.com/browse/LOG-5202 advisory
- https://issues.redhat.com/browse/LOG-5241 advisory
- https://issues.redhat.com/browse/LOG-5251 advisory
- https://issues.redhat.com/browse/LOG-5275 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1508.json advisory
- https://access.redhat.com/security/cve/CVE-2024-24786 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-24786 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-24786 advisory
- https://go.dev/cl/569356 advisory
- https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ advisory
- https://pkg.go.dev/vuln/GO-2024-2611 advisory