VDB
RHSA-2024%3A1537
RHSA-2024%3A1537
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/numaresources-rhel8-operator@sha256:61046b76f996adb139cdc44cbb142b6999bf8503229a65d18227c2ebdcac18fc_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | openshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | openshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64, openshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64, * |
| Red Hat | openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64, openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64, openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64 |
| Red Hat | openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64, *, * |
| Red Hat | openshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64, * |
| Red Hat | openshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64 |
| Red Hat | openshift4/numaresources-rhel8-operator@sha256:61046b76f996adb139cdc44cbb142b6999bf8503229a65d18227c2ebdcac18fc_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/numaresources-rhel8-operator@sha256:61046b76f996adb139cdc44cbb142b6999bf8503229a65d18227c2ebdcac18fc_amd64 |
| Red Hat | openshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64, openshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64, * |
| Red Hat | openshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64, openshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64, openshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64 |
| Red Hat | openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64, openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64, openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64 |
| Red Hat | openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64, openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64 |
Timeline
- Mar 27, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:1537 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/security/cve/cve-2024-24786 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268046 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1537.json advisory
- https://access.redhat.com/security/cve/CVE-2024-24786 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-24786 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-24786 advisory
- https://go.dev/cl/569356 advisory
- https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ advisory
- https://pkg.go.dev/vuln/GO-2024-2611 advisory