VDB
RHSA-2024%3A3349
RHSA-2024%3A3349
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-azure-cloud-node-manager-rhel8@sha256:2429d1750e83f05adf9c842b9851cf4336650c1b8cb63c59f2b7fbd75a9b6488_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-azure-cloud-node-manager-rhel8@sha256:2429d1750e83f05adf9c842b9851cf4336650c1b8cb63c59f2b7fbd75a9b6488_amd64, openshift4/ose-azure-cloud-node-manager-rhel8@sha256:2429d1750e83f05adf9c842b9851cf4336650c1b8cb63c59f2b7fbd75a9b6488_amd64 |
| Red Hat | openshift4/ose-csi-external-resizer@sha256:74a58078a660a6b5de2592f814e96550ddb06d66ce9245ca9c118d8b393fde5c_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-resizer@sha256:74a58078a660a6b5de2592f814e96550ddb06d66ce9245ca9c118d8b393fde5c_s390x, openshift4/ose-csi-external-resizer@sha256:74a58078a660a6b5de2592f814e96550ddb06d66ce9245ca9c118d8b393fde5c_s390x |
| Red Hat | openshift4/ose-multus-route-override-cni-rhel8@sha256:3e4be0aa39e0970d903716066fb4048bed9f24e4976545077ed6e083b2d5268e_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-multus-route-override-cni-rhel8@sha256:3e4be0aa39e0970d903716066fb4048bed9f24e4976545077ed6e083b2d5268e_amd64, openshift4/ose-multus-route-override-cni-rhel8@sha256:3e4be0aa39e0970d903716066fb4048bed9f24e4976545077ed6e083b2d5268e_amd64 |
| Red Hat | openshift4/ose-must-gather@sha256:fce64b659b6b903ae5bd0cdbd0573512bc1c4bac655734f24be2863331f988a9_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-must-gather@sha256:fce64b659b6b903ae5bd0cdbd0573512bc1c4bac655734f24be2863331f988a9_amd64, * |
| Red Hat | openshift4/ose-cluster-image-registry-operator@sha256:d095d41e0aa06cd856fc9cf0344e069697bede4eb3739a781495e809ad41fcda_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-image-registry-operator@sha256:d095d41e0aa06cd856fc9cf0344e069697bede4eb3739a781495e809ad41fcda_ppc64le, openshift4/ose-cluster-image-registry-operator@sha256:d095d41e0aa06cd856fc9cf0344e069697bede4eb3739a781495e809ad41fcda_ppc64le |
| Red Hat | openshift4/ose-telemeter@sha256:28f9e7f942d22409312cfbe8f98dd3edef975d5913e463192ad1651b162a7ce1_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-telemeter@sha256:28f9e7f942d22409312cfbe8f98dd3edef975d5913e463192ad1651b162a7ce1_ppc64le, openshift4/ose-telemeter@sha256:28f9e7f942d22409312cfbe8f98dd3edef975d5913e463192ad1651b162a7ce1_ppc64le |
| Red Hat | openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:0c2c3543559ec3c7b48d29a5d980846efbe143606b246d6c0c67ef5165616ce7_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:0c2c3543559ec3c7b48d29a5d980846efbe143606b246d6c0c67ef5165616ce7_s390x, * |
| Red Hat | openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:d0b5585baf7eb2bf7264c532ddca7db2760f304aed52c67c3f10df06ce606a26_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:d0b5585baf7eb2bf7264c532ddca7db2760f304aed52c67c3f10df06ce606a26_s390x, * |
| Red Hat | openshift4/ose-cluster-kube-cluster-api-rhel8-operator@sha256:f8a6e6ccd85c7810618675f5815697b7adcd4b406b0fe4cce14e41118d034dbb_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, * |
| Red Hat | openshift4/ose-hypershift-rhel8@sha256:01e157c32b35440a1df906dc8db921b2f5187e392c063a87d572820342bf0659_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, * |
| Red Hat | openshift4/ose-operator-registry@sha256:2e7758f50b684f57a7fe22dabac39742bb8565d217b51c44c309e6063ea8a193_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-operator-registry@sha256:2e7758f50b684f57a7fe22dabac39742bb8565d217b51c44c309e6063ea8a193_arm64 |
| Red Hat | openshift4/ose-csi-node-driver-registrar@sha256:7f51ae5254c0406f2f2f26de7e3b0b0df21ccaa3c2fd1587f3e59e5849022e1a_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, * |
| Red Hat | openshift4/ose-ovirt-machine-controllers-rhel8@sha256:13e314f6175bf6add20b946317c58ce65c12dfa3cb306048669a59739431e88b_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-ovirt-machine-controllers-rhel8@sha256:13e314f6175bf6add20b946317c58ce65c12dfa3cb306048669a59739431e88b_amd64, openshift4/ose-ovirt-machine-controllers-rhel8@sha256:13e314f6175bf6add20b946317c58ce65c12dfa3cb306048669a59739431e88b_amd64 |
| Red Hat | openshift4/ose-csi-livenessprobe@sha256:b93c0b1fb4934b97da781c36052d12f30795aa38bbd584a523a294698257ef02_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, * |
| Red Hat | openshift4/ose-installer-artifacts@sha256:bd46a49bc2c5bb055d05013070c93cbdfee97b9ec5d05e404a6a4124191df089_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-installer-artifacts@sha256:bd46a49bc2c5bb055d05013070c93cbdfee97b9ec5d05e404a6a4124191df089_arm64, openshift4/ose-installer-artifacts@sha256:bd46a49bc2c5bb055d05013070c93cbdfee97b9ec5d05e404a6a4124191df089_arm64 |
| Red Hat | openshift4/ose-console@sha256:fd222f61c013f1deaab197487a2f380477d33c18e28e7d9a6b8be7b6caf8c89d_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-console@sha256:fd222f61c013f1deaab197487a2f380477d33c18e28e7d9a6b8be7b6caf8c89d_arm64, openshift4/ose-console@sha256:fd222f61c013f1deaab197487a2f380477d33c18e28e7d9a6b8be7b6caf8c89d_arm64 |
| Red Hat | openshift4/ose-powervs-block-csi-driver-operator-rhel8@sha256:fd40a2073484c0451490dd3df7511cad87f5c494f126b6208393f458b88259a8_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-powervs-block-csi-driver-operator-rhel8@sha256:fd40a2073484c0451490dd3df7511cad87f5c494f126b6208393f458b88259a8_ppc64le, openshift4/ose-powervs-block-csi-driver-operator-rhel8@sha256:fd40a2073484c0451490dd3df7511cad87f5c494f126b6208393f458b88259a8_ppc64le |
| Red Hat | openshift4/ose-cluster-kube-scheduler-operator@sha256:738a1eb45b67105f83e4a4a97563b4c7812c0a9ef13b045ac9db66a563f86a2b_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-cluster-kube-scheduler-operator@sha256:738a1eb45b67105f83e4a4a97563b4c7812c0a9ef13b045ac9db66a563f86a2b_arm64 |
| Red Hat | openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:ac543f894acc33d4e5f71ea220df7e7b46338d842f91d933784d1c9e77b9fe96_s390x as a component of Red Hat OpenShift Container Platform 4.12 | *, * |
| Red Hat | openshift4/ose-tests@sha256:3e6f52fb430c4555d187b9bc3f5bafa8be66ebac457834683f0ef9ead9b9fb01_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-tests@sha256:3e6f52fb430c4555d187b9bc3f5bafa8be66ebac457834683f0ef9ead9b9fb01_ppc64le |
…and 1264 more
Timeline
- May 30, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 15, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:3349 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268854 issue
- https://issues.redhat.com/browse/OCPBUGS-33175 advisory
- https://issues.redhat.com/browse/OCPBUGS-33198 advisory
- https://issues.redhat.com/browse/OCPBUGS-33386 advisory
- https://issues.redhat.com/browse/OCPBUGS-33422 advisory
- https://issues.redhat.com/browse/OCPBUGS-33517 advisory
- https://issues.redhat.com/browse/OCPBUGS-33778 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3349.json advisory
- https://access.redhat.com/security/cve/CVE-2024-28180 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-28180 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-28180 advisory
- https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g advisory