VDB

RHSA-2024%3A1537

RHSA-2024%3A1537 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/numaresources-rhel8-operator@sha256:61046b76f996adb139cdc44cbb142b6999bf8503229a65d18227c2ebdcac18fc_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, *, *
Red Hatopenshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, *, *
Red Hatopenshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64, openshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64, *
Red Hatopenshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64, openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64, openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64
Red Hatopenshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64, *, *
Red Hatopenshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, openshift4/cnf-tests-rhel8@sha256:1557755b7221f41738b6b607af8412d6fb541ceb08fd48f82ad5580d8daafc9f_amd64, *
Red Hatopenshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, *, openshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64
Red Hatopenshift4/numaresources-rhel8-operator@sha256:61046b76f996adb139cdc44cbb142b6999bf8503229a65d18227c2ebdcac18fc_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, *, openshift4/numaresources-rhel8-operator@sha256:61046b76f996adb139cdc44cbb142b6999bf8503229a65d18227c2ebdcac18fc_amd64
Red Hatopenshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64, openshift4/noderesourcetopology-scheduler-container-rhel8@sha256:ac0874d92b3204756ddaa4f5b6e4a4d66ecc9e807c5deb0b028d744424d00eb6_amd64, *
Red Hatopenshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64, openshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64, openshift4/performance-addon-operator-must-gather-rhel8@sha256:7c62a226b3098c724402201e0fc251d7abbbfc726f18d556ad97d58684eb6373_amd64
Red Hatopenshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64, openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64, openshift4/dpdk-base-rhel8@sha256:0e6bdd39419572fba8f89c910b9313dc74b96dc0ea7d4efa44f9b69be0f33e28_amd64
Red Hatopenshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64, openshift4/numaresources-operator-bundle@sha256:7f5ddc79b60a283066285fb5fed5e91b9a7b6d50d4c16095b4ee984456352a06_amd64

Timeline

  • Mar 27, 2024 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 16, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›