VDB
RHSA-2024%3A4520
RHSA-2024%3A4520
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64, rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64, rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 |
| Red Hat | rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64, rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64, rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 |
| Red Hat | rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 as a component of 8Base-RHMTC-1.7 | *, rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64, rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 |
| Red Hat | rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64, rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64, rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 |
| Red Hat | rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 as a component of 8Base-RHMTC-1.7 | *, rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64, rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64, *, rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 |
| Red Hat | rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64, *, rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 |
| Red Hat | rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64, rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64, rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 |
| Red Hat | rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 as a component of 8Base-RHMTC-1.7 | *, rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64, * |
| Red Hat | rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64, rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64, rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64, *, rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 |
| Red Hat | rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 as a component of 8Base-RHMTC-1.7 | *, rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64, rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 |
…and 14 more
Timeline
- Jul 11, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:4520 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268017 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268019 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268021 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268022 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2270863 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2272986 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4520.json advisory
- https://access.redhat.com/security/cve/CVE-2023-45290 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-45290 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-45290 advisory
- http://www.openwall.com/lists/oss-security/2024/03/08/4 advisory
- https://go.dev/cl/569341 advisory
- https://go.dev/issue/65383 advisory
- https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg advisory
- https://pkg.go.dev/vuln/GO-2024-2599 advisory
- https://security.netapp.com/advisory/ntap-20240329-0004 advisory
- https://access.redhat.com/security/cve/CVE-2024-24783 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-24783 advisory
…and 25 more