rhsa-2024_4126
Vulnerability from csaf_redhat
Published
2024-06-26 14:31
Modified
2024-11-24 15:54
Summary
Red Hat Security Advisory: Red Hat Service Interconnect 1.4.5 Release security update

Notes

Topic
This is release 1.4 of the container images for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "This is release 1.4 of the container images for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud.\nA service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:4126",
        "url": "https://access.redhat.com/errata/RHSA-2024:4126"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_service_interconnect/1.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_service_interconnect/1.4"
      },
      {
        "category": "external",
        "summary": "2268019",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
      },
      {
        "category": "external",
        "summary": "2268273",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4126.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Service Interconnect 1.4.5 Release security update",
    "tracking": {
      "current_release_date": "2024-11-24T15:54:18+00:00",
      "generator": {
        "date": "2024-11-24T15:54:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2024:4126",
      "initial_release_date": "2024-06-26T14:31:27+00:00",
      "revision_history": [
        {
          "date": "2024-06-26T14:31:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-06-26T14:31:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-24T15:54:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "9Base-Service-Interconnect-1.4",
                "product": {
                  "name": "9Base-Service-Interconnect-1.4",
                  "product_id": "9Base-Service-Interconnect-1.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Service Interconnect"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
                "product": {
                  "name": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
                  "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.4.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
                "product": {
                  "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
                  "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.4.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
                "product": {
                  "name": "service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
                  "product_id": "service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-operator-bundle\u0026tag=1.4.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
                "product": {
                  "name": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
                  "product_id": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.4.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
                "product": {
                  "name": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
                  "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.4.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64",
                "product": {
                  "name": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64",
                  "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.4.5-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64"
        },
        "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64"
        },
        "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64"
        },
        "product_reference": "service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64"
        },
        "product_reference": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64"
        },
        "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
        },
        "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Charles Fol"
          ]
        }
      ],
      "cve": "CVE-2024-2961",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-04-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2273404"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc\u0027s iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: Out of bounds write in iconv may lead to remote code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The described vulnerability in the iconv() function of GNU C Library, particularly affecting ISO-2022-CN-EXT character set conversions, poses a important severity issue due to its potential for out-of-bound writes. Such buffer overflows can lead to arbitrary memory corruption, which can be exploited by attackers to execute arbitrary code, crash applications, or overwrite critical data structures, including neighboring variables. Given that the overflow can occur with specific, predictable values through SS2designation and SS3designation escape sequences, an attacker could craft malicious input to specifically trigger these overflows. Exploitation of this vulnerability could result in denial of service, privilege escalation, or even remote code execution, posing a significant threat to the security and integrity of affected systems.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2961"
        },
        {
          "category": "external",
          "summary": "RHBZ#2273404",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273404"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2961",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2961"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2024/04/17/9",
          "url": "https://www.openwall.com/lists/oss-security/2024/04/17/9"
        }
      ],
      "release_date": "2024-04-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-26T14:31:27+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4126"
        },
        {
          "category": "workaround",
          "details": "This issue can be mitigated by removing the ISO-2022-CN-EXT from glibc-gconv-extra\u0027s modules configuration. This can be done by:\n\n1) Verify if the module is loaded by running:\n~~~\n$ iconv -l | grep -E \u0027CN-?EXT\u0027\nISO-2022-CN-EXT//\nISO2022CNEXT//\n~~~\n\nIf the grep output looks like the above, ISO-2022-CN-EXT module is enabled.\n\n2) Disabled the module by editing the file located at /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf and comment the following lines. For RHEL 7 the file that needs to be edited is /usr/lib64/gconv/gconv-modules. This step requires to be executed by a privileged user:\n~~~\n#       from                    to                      module          cost\nalias   ISO2022CNEXT//          ISO-2022-CN-EXT//\nmodule  ISO-2022-CN-EXT//       INTERNAL                ISO-2022-CN-EXT 1\nmodule  INTERNAL                ISO-2022-CN-EXT//       ISO-2022-CN-EXT 1\n~~~\n\nFor commenting those lines just add the \u0027#\u0027 character at the beginning of mentioned lines:\n~~~\n#       from                    to                      module          cost\n#alias  ISO2022CNEXT//          ISO-2022-CN-EXT//\n#module ISO-2022-CN-EXT//       INTERNAL                ISO-2022-CN-EXT 1\n#module INTERNAL                ISO-2022-CN-EXT//       ISO-2022-CN-EXT 1\n~~~\n\n3) Update the iconv cache by running:\n~~~\nsudo iconvconfig\n~~~\n\n4) Check if the module was disabled by running the first step again. This time  ISO-2022-CN-EXT should not appear in the output.\n\nPlease notice that disabling the mentioned gconv module may lead applications relying in the affected module to fail in converting characters and should be used as a temporary mitigation before being able to fully update the affected package.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "glibc: Out of bounds write in iconv may lead to remote code execution"
    },
    {
      "cve": "CVE-2024-33599",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2024-04-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2277202"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: stack-based buffer overflow in netgroup cache",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This stack-based buffer overflow vulnerability in nscd presents a important severity issue due to its potential to be exploited by malicious actors to execute arbitrary code or cause denial-of-service (DoS) conditions. By carefully crafting input data, an attacker could manipulate the program\u0027s control flow, leading to unintended behavior such as executing arbitrary commands, escalating privileges, or crashing the application. Since the overflow occurs in a critical system component responsible for caching name service data, exploitation could have far-reaching consequences, including unauthorized access to sensitive information or disruption of essential services.\n\n\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-33599"
        },
        {
          "category": "external",
          "summary": "RHBZ#2277202",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277202"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-33599",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-33599",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33599"
        }
      ],
      "release_date": "2024-04-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-26T14:31:27+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4126"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "glibc: stack-based buffer overflow in netgroup cache"
    },
    {
      "cve": "CVE-2024-33600",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2024-04-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2277204"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: null pointer dereferences after failed netgroup cache insertion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The flaw identified in the glibc netgroup cache constitutes a moderate severity issue due to its potential to trigger null pointer dereferences, leading to program crashes or exits. While null pointer dereferences can cause disruptions to system operations and possibly result in denial-of-service conditions, their impact is limited primarily to the affected process or application instance. However, the risk of exploitation may vary depending on the context of system usage. Systems that heavily rely on netgroup functionality may be more susceptible to exploitation, particularly if malicious actors can manipulate network traffic to trigger the vulnerability.\n\n\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-33600"
        },
        {
          "category": "external",
          "summary": "RHBZ#2277204",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277204"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-33600",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-33600",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33600"
        }
      ],
      "release_date": "2024-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-26T14:31:27+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4126"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glibc: null pointer dereferences after failed netgroup cache insertion"
    },
    {
      "cve": "CVE-2024-33601",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "discovery_date": "2024-04-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2277205"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: netgroup cache may terminate daemon on memory allocation failure",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The flaw in the glibc netgroup cache, while concerning, is categorized as a low severity issue due to several factors. Firstly, the exploitation of this vulnerability requires specific conditions, such as a memory allocation failure within the netgroup cache, which may not occur frequently in typical usage scenarios. Additionally, the impact of such failures is limited to the termination of the affected process, rather than facilitating unauthorized access or data manipulation. Furthermore, the likelihood of successful exploitation and the potential for widespread harm are comparatively low, given the specific nature of the vulnerability and its constrained impact.\n\n\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-33601"
        },
        {
          "category": "external",
          "summary": "RHBZ#2277205",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277205"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-33601",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-33601",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33601"
        }
      ],
      "release_date": "2024-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-26T14:31:27+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4126"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "glibc: netgroup cache may terminate daemon on memory allocation failure"
    },
    {
      "cve": "CVE-2024-33602",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "discovery_date": "2024-04-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2277206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: netgroup cache assumes NSS callback uses in-buffer strings",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The identified flaw in the glibc netgroup cache, while significant in its potential to cause memory corruption and crashes, may be categorized as a low severity issue due to several factors. Firstly, the exploitation of this vulnerability requires specific conditions to be met, such as the presence of netgroup-related functionality and the ability to manipulate memory within the target system. Secondly, the impact of the vulnerability is limited to the context of the affected application or system component, rather than posing a system-wide or network-wide threat.\n\n\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-33602"
        },
        {
          "category": "external",
          "summary": "RHBZ#2277206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-33602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-33602",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33602"
        }
      ],
      "release_date": "2024-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-26T14:31:27+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4126"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.