Action not permitted
Modal body text goes here.
CVE-2024-24791
Vulnerability from cvelistv5
Published
2024-07-02 21:28
Modified
2024-08-01 23:28
Severity
Summary
Denial of service due to improper 100-continue handling in net/http
References
Impacted products
| Vendor | Product |
|---|---|
| Go standard library | net/http |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:go_standard_library:net\\/http:1.21.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "net\\/http",
"vendor": "go_standard_library",
"versions": [
{
"lessThan": "1.21.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.22.5",
"status": "affected",
"version": "1.22.0-0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T13:39:23.366299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T13:45:59.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/591255"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/67555"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2024-2963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "persistConn.readResponse"
},
{
"name": "Client.CloseIdleConnections"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "Post"
},
{
"name": "PostForm"
},
{
"name": "Transport.CancelRequest"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.RoundTrip"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.21.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.22.5",
"status": "affected",
"version": "1.22.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Geoff Franks"
}
],
"descriptions": [
{
"lang": "en",
"value": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T21:28:25.677Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/591255"
},
{
"url": "https://go.dev/issue/67555"
},
{
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2963"
}
],
"title": "Denial of service due to improper 100-continue handling in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2024-24791",
"datePublished": "2024-07-02T21:28:25.677Z",
"dateReserved": "2024-01-30T16:05:14.758Z",
"dateUpdated": "2024-08-01T23:28:12.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-24791\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2024-07-02T22:15:04.833\",\"lastModified\":\"2024-07-08T14:17:39.083\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \\\"Expect: 100-continue\\\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \\\"Expect: 100-continue\\\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.\"},{\"lang\":\"es\",\"value\":\"El cliente net/http HTTP/1.1 manej\u00f3 mal el caso en el que un servidor responde a una solicitud con un encabezado \\\"Expect: 100-continue\\\" con un estado no informativo (200 o superior). Este mal manejo podr\u00eda dejar una conexi\u00f3n de cliente en un estado no v\u00e1lido, donde la siguiente solicitud enviada a la conexi\u00f3n fallar\u00e1. Un atacante que env\u00eda una solicitud a un proxy net/http/httputil.ReverseProxy puede aprovechar este mal manejo para provocar una denegaci\u00f3n de servicio enviando solicitudes \\\"Esperar: 100-continuar\\\" que provocan una respuesta no informativa del backend. Cada una de estas solicitudes deja al proxy con una conexi\u00f3n no v\u00e1lida y provoca que falle una solicitud posterior que utiliza esa conexi\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"references\":[{\"url\":\"https://go.dev/cl/591255\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/67555\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2024-2963\",\"source\":\"security@golang.org\"}]}}"
}
}
rhsa-2024_5537
Vulnerability from csaf_redhat
Published
2024-08-19 01:53
Modified
2024-09-17 18:29
Summary
Red Hat Security Advisory: Red Hat build of Cryostat security update
Notes
Topic
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.
Security Fix(es):
* golang: net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nSecurity Fix(es):\n\n* golang: net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:5537",
"url": "https://access.redhat.com/errata/RHSA-2024:5537"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5537.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
"tracking": {
"current_release_date": "2024-09-17T18:29:38+00:00",
"generator": {
"date": "2024-09-17T18:29:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2024:5537",
"initial_release_date": "2024-08-19T01:53:01+00:00",
"revision_history": [
{
"date": "2024-08-19T01:53:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-08-19T01:53:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-17T18:29:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 3 on RHEL 8",
"product": {
"name": "Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:3::el8"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa_arm64",
"product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947_arm64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50_arm64",
"product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.0-9"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4_arm64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022_arm64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31_arm64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f_arm64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628_arm64",
"product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.0-9"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b_arm64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b_arm64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.0-8"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a_amd64",
"product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3_amd64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7_amd64",
"product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.0-9"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518_amd64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a_amd64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173_amd64",
"product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.0-9"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841_amd64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841_amd64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.0-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b_arm64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841_amd64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-07-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2295310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Denial of service due to improper 100-continue handling in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker would need to control a malicious server and induce a client to connect to it, requiring some amount of preparation outside of the attacker\u0027s control. This reduces the severity score of this flaw to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24791"
},
{
"category": "external",
"summary": "RHBZ#2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791"
},
{
"category": "external",
"summary": "https://go.dev/cl/591255",
"url": "https://go.dev/cl/591255"
},
{
"category": "external",
"summary": "https://go.dev/issue/67555",
"url": "https://go.dev/issue/67555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ",
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
}
],
"release_date": "2024-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:5537"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:773a526f06391088118b00de00d704ba1c28ad360a52f0b1a6f53cd898a87cfa_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:a3cfb8c81e8b4751363b73cd7dd78cfc05f5341d095de1d2812da2a98a933a9a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:4d5b9e9581bee3f1dfe75935a12a49c8b07309dcc29107cd7b7b961c3e283dd3_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:59873dbe228f45ff74103f0d4a961ff2d6a25c9e653f363132a0fc953de1c947_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:046d96c35b5b0399ae0845f082147f809a36918b406662f99923f33ac6dfde31_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:0d2c21fab0381dab7270ff14f73ba1e5974bafc6ae847afcca3e3da7359f1a6a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:89d8364676bdb85173295c10819cd9eba2547af24414a87a3455bc6ecdaeefd7_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:e8b030653f73140264c36ee5d4598a03cbf0501d5929ec5da715a712cc2d4e50_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:98db49e93ca4adca1b689ea010adacf706306d83803801dbfc07802d376e85d4_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:fdcdbf9fa905d0da99db1758af14c194cdd3a11f570e7289b76392412a260518_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:913cea91396d56c68c30e307c7ebc4283485e99e7af53efa40d7d108ece3f34f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:f2b0e1c4e9c8c69e0156f2c6d18fccad48b9307fa3e895a030c66dbedfd60670_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:d08215ad966f21b9c53cf617bee292296a360f5e2df3b67d392131a85faa1022_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:ecb6a99ba7a3f13c299b7cf215307b618efbc42ce83ab36d4644b637af0ae794_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:0af1662b57c36259e9f87d910215133868a5b77851442c537dc64874ab546628_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:bc157455c437b03c0b588d4463d14cad032f00dee3e0b69ddae86e652136a173_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2e9deb9be151cf4b3a7fd153a2d172e1793c90304d264def6afc4baa5a79571b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:372e33121f68d756d021b56b42ca5a57672642c32bc727012874e8a48a5e6841_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Denial of service due to improper 100-continue handling in net/http"
}
]
}
rhsa-2024_6462
Vulnerability from csaf_redhat
Published
2024-09-09 00:49
Modified
2024-09-18 19:39
Summary
Red Hat Security Advisory: Cost Management enhancement and security update
Notes
Topic
Downstream release of version 3.3.1 of the Cost Management operator.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Downstream release (3.3.1) of the koku-metrics-operator. See release notes for features delivered as part of this release. Release notes can be found at: https://github.com/project-koku/koku-metrics-operator/releases/tag/v3.3.1-downstream
Security Fix(es):
* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)
* golang: net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Downstream release of version 3.3.1 of the Cost Management operator.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Downstream release (3.3.1) of the koku-metrics-operator. See release notes for features delivered as part of this release. Release notes can be found at: https://github.com/project-koku/koku-metrics-operator/releases/tag/v3.3.1-downstream\n\nSecurity Fix(es):\n\n* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)\n\n* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)\n\n* golang: net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6462",
"url": "https://access.redhat.com/errata/RHSA-2024:6462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2279814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
},
{
"category": "external",
"summary": "2292787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
},
{
"category": "external",
"summary": "2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "external",
"summary": "COST-5377",
"url": "https://issues.redhat.com/browse/COST-5377"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6462.json"
}
],
"title": "Red Hat Security Advisory: Cost Management enhancement and security update",
"tracking": {
"current_release_date": "2024-09-18T19:39:42+00:00",
"generator": {
"date": "2024-09-18T19:39:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2024:6462",
"initial_release_date": "2024-09-09T00:49:07+00:00",
"revision_history": [
{
"date": "2024-09-09T00:49:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-09T00:49:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T19:39:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cost Management for RHEL 8",
"product": {
"name": "Cost Management for RHEL 8",
"product_id": "8Base-costmanagement",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cost_management:1::el8"
}
}
}
],
"category": "product_family",
"name": "Cost Management"
},
{
"branches": [
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"product": {
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"product_id": "costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle\u0026tag=3.3.1-1"
}
}
},
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"product": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"product_id": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel8-operator\u0026tag=3.3.1-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le",
"product": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le",
"product_id": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063?arch=ppc64le\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel8-operator\u0026tag=3.3.1-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"product": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"product_id": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b?arch=s390x\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel8-operator\u0026tag=3.3.1-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"product": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"product_id": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e?arch=arm64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel8-operator\u0026tag=3.3.1-1"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64 as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64"
},
"product_reference": "costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"relates_to_product_reference": "8Base-costmanagement"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64 as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64"
},
"product_reference": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"relates_to_product_reference": "8Base-costmanagement"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x"
},
"product_reference": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"relates_to_product_reference": "8Base-costmanagement"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64 as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64"
},
"product_reference": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"relates_to_product_reference": "8Base-costmanagement"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
},
"product_reference": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le",
"relates_to_product_reference": "8Base-costmanagement"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24788",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: malformed DNS message can cause infinite loop",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24788"
},
{
"category": "external",
"summary": "RHBZ#2279814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2824",
"url": "https://pkg.go.dev/vuln/GO-2024-2824"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: malformed DNS message can cause infinite loop"
},
{
"cve": "CVE-2024-24790",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn\u0027t behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been marked as moderate as for our products a network-based attack vector is simply impossible when it comes to golang code,apart from that as per CVE flaw analysis reported by golang, this only affects integrity and confidentiality and has no effect on availability, hence CVSS has been marked as such.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24790"
},
{
"category": "external",
"summary": "RHBZ#2292787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790"
}
],
"release_date": "2024-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses"
},
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-07-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2295310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Denial of service due to improper 100-continue handling in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker would need to control a malicious server and induce a client to connect to it, requiring some amount of preparation outside of the attacker\u0027s control. This reduces the severity score of this flaw to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24791"
},
{
"category": "external",
"summary": "RHBZ#2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791"
},
{
"category": "external",
"summary": "https://go.dev/cl/591255",
"url": "https://go.dev/cl/591255"
},
{
"category": "external",
"summary": "https://go.dev/issue/67555",
"url": "https://go.dev/issue/67555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ",
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
}
],
"release_date": "2024-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:01cab18a6af3cc819a936ce434004d5dce4495474e62bc116643eb753c25cd91_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:41bee64a2976b473d83e9a4573d686e994d933d76d2ef05ca2df9b6e5d024f3a_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:9df1799ecc1cd2506ff9dbc324565707044fef8c6c7558f042cf88b6a694ad3b_s390x",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:b513047588aa1473de24ebb84851befbff69d1ee0c3e7d5ed57523f1a97dcb0e_arm64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:bd802c5cbcae03ddf46d2271c2c197c870219b28d88854fd7dc750126112d063_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Denial of service due to improper 100-continue handling in net/http"
}
]
}
gsd-2024-24791
Vulnerability from gsd
Modified
2024-01-31 06:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-24791"
],
"id": "GSD-2024-24791",
"modified": "2024-01-31T06:02:40.101381Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-24791",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
ghsa-hw49-2p59-3mhj
Vulnerability from github
Published
2024-07-03 00:34
Modified
2024-07-03 00:34
Details
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
{
"affected": [],
"aliases": [
"CVE-2024-24791"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-02T22:15:04Z",
"severity": null
},
"details": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.",
"id": "GHSA-hw49-2p59-3mhj",
"modified": "2024-07-03T00:34:11Z",
"published": "2024-07-03T00:34:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791"
},
{
"type": "WEB",
"url": "https://go.dev/cl/591255"
},
{
"type": "WEB",
"url": "https://go.dev/issue/67555"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-2963"
}
],
"schema_version": "1.4.0",
"severity": []
}
wid-sec-w-2024-1505
Vulnerability from csaf_certbund
Published
2024-07-02 22:00
Modified
2024-07-22 22:00
Summary
Golang Go: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Go ist eine quelloffene Programmiersprache.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Golang Go ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Go ist eine quelloffene Programmiersprache.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Golang Go ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1505 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1505.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1505 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1505"
},
{
"category": "external",
"summary": "GitHub Database vom 2024-07-02",
"url": "https://go.dev/issue/67555"
},
{
"category": "external",
"summary": "Golan Go Release vom 2024-07-02",
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
},
{
"category": "external",
"summary": "NIST vom 2024-07-02",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2294-1 vom 2024-07-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018864.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2295-1 vom 2024-07-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018863.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2309-1 vom 2024-07-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018875.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2308-1 vom 2024-07-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018876.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-5B06C85574 vom 2024-07-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5b06c85574"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-96A7A68962 vom 2024-07-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-96a7a68962"
},
{
"category": "external",
"summary": "HAProxy Security Update",
"url": "https://www.haproxy.com/blog/cve-2024-24791"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2598 vom 2024-07-23",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2598.html"
}
],
"source_lang": "en-US",
"title": "Golang Go: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-07-22T22:00:00.000+00:00",
"generator": {
"date": "2024-07-23T08:03:05.441+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2024-1505",
"initial_release_date": "2024-07-02T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE und Fedora aufgenommen"
},
{
"date": "2024-07-08T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-07-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.22.5",
"product": {
"name": "Golang Go \u003c1.22.5",
"product_id": "T035796",
"product_identification_helper": {
"cpe": "cpe:/a:golang:go:1.22.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.21.12",
"product": {
"name": "Golang Go \u003c1.21.12",
"product_id": "T035797",
"product_identification_helper": {
"cpe": "cpe:/a:golang:go:1.21.12"
}
}
}
],
"category": "product_name",
"name": "Go"
}
],
"category": "vendor",
"name": "Golang"
},
{
"branches": [
{
"category": "product_name",
"name": "HAProxy ALOHA",
"product": {
"name": "HAProxy ALOHA",
"product_id": "T035884",
"product_identification_helper": {
"cpe": "cpe:/h:haproxy:aloha:-"
}
}
},
{
"category": "product_name",
"name": "HAProxy Enterprise",
"product": {
"name": "HAProxy Enterprise",
"product_id": "T035885",
"product_identification_helper": {
"cpe": "cpe:/a:haproxy:haproxy:-"
}
}
}
],
"category": "vendor",
"name": "HAProxy"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24791",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Golang Go, da der net/http HTTP/1.1-Client Situationen, in denen ein Server auf eine Anfrage mit einem \"Expect: 100-continue\"-Header mit einem nicht-informativen Status (200 oder h\u00f6her) antwortet, nicht korrekt behandelt und die Client-Verbindung in einem ung\u00fcltigen Zustand bel\u00e4sst. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T002207",
"398363",
"T035885",
"T035884",
"74185"
]
},
"release_date": "2024-07-02T22:00:00Z",
"title": "CVE-2024-24791"
}
]
}
Loading...