csaf_redhat - rhsa-2024

rhsa-2024_4697

Vulnerability from csaf_redhat

Published

2024-07-22 10:11

Modified

2024-11-13 18:18

Summary

Red Hat Security Advisory: Red Hat build of Cryostat security update

Notes

Topic

An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Security Fix(es): * golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788) * golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nSecurity Fix(es):\n\n* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)\n\n* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:4697",
        "url": "https://access.redhat.com/errata/RHSA-2024:4697"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2279814",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
      },
      {
        "category": "external",
        "summary": "2292787",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4697.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
    "tracking": {
      "current_release_date": "2024-11-13T18:18:09+00:00",
      "generator": {
        "date": "2024-11-13T18:18:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2024:4697",
      "initial_release_date": "2024-07-22T10:11:20+00:00",
      "revision_history": [
        {
          "date": "2024-07-22T10:11:20+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-07-22T10:11:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-13T18:18:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cryostat 3 on RHEL 8",
                "product": {
                  "name": "Cryostat 3 on RHEL 8",
                  "product_id": "8Base-Cryostat-3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cryostat:3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Cryostat"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
                "product": {
                  "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
                  "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.0-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64",
                "product": {
                  "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64",
                  "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.0-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64"
        },
        "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64 as a component of Cryostat 3 on RHEL 8",
          "product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64"
        },
        "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64",
        "relates_to_product_reference": "8Base-Cryostat-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-24788",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2024-05-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2279814"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net: malformed DNS message can cause infinite loop",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-24788"
        },
        {
          "category": "external",
          "summary": "RHBZ#2279814",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2024-2824",
          "url": "https://pkg.go.dev/vuln/GO-2024-2824"
        }
      ],
      "release_date": "2024-05-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-07-22T10:11:20+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4697"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net: malformed DNS message can cause infinite loop"
    },
    {
      "cve": "CVE-2024-24790",
      "cwe": {
        "id": "CWE-115",
        "name": "Misinterpretation of Input"
      },
      "discovery_date": "2024-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2292787"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn\u0027t behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as moderate as for our products a network-based attack vector is simply impossible when it comes to golang code,apart from that as per CVE flaw analysis reported by golang, this only affects integrity and confidentiality and has no effect on availability, hence CVSS has been marked as such.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
          "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
          "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-24790"
        },
        {
          "category": "external",
          "summary": "RHBZ#2292787",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790"
        }
      ],
      "release_date": "2024-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-07-22T10:11:20+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:4697"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:40623b160d9d1ec30e568a5f2465e973731d7075a75e9494c57f427c80851a58_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:fd46ca2d4426dfb665744232cd43fdf822b1d10ceee56c8a4423eb32f2b02d22_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f32c3f4c83f36f02b43a1134e2b443a15314d514a95920c4a1753fc710b1361c_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:f66483faeac9a40cde6071f8a1dbdb94e7925df468b5726c206d10d25bc2f49c_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:76e44b49523e3d243d1d73d9790d0941213a03f270b1e76afe07c48e51f15146_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:b2691ae75ad89d02d7d746b9ef13706df5036a724a8ac4de6880c056bd969f5a_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:cdf9f0cf5617e77b3aea6e1f5097acfcd48c918c6bb57fc84af7a1f20be40d9a_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:f57d01c58423176fdca76af6b4e6d2672b2f7c2cc093e7da317ee5931093dcf8_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:50099a32dd268be7db0e870819705fee473c3c83f213361d2a1ecf4660287c16_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:e4920c127c4ece8796ace167a6032b6afe7b684731782cfa6e9cf376f660f674_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:13eeb08ff96d003bc6eb05be4ce000a34456f7b101f84a58c95ca0df8cd76182_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:cd80dde7f240ed7d600bd869bc32dadeca137b5ab6d1d6d9e8de5c6b71070c34_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:4a49628cbab41240fbe372971e86b32bb6bbd5fbe7143fbbde903f5f36d0e6e0_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:5e7f6388263e592f90d50283678f48825b280b53a2eba722239c7a77a4451b09_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:653f2cce1486cd628cd9fd679ac308e029a01b8e3a6b284efc35538bc99f87b4_amd64",
            "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:70c748f3d61253536ee609f0362cce0a1537251bf2ec3d3f4bf7b0d4c002bf67_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:3755f9226007651bfb010ab235f039b715e8268666133eda974fba742372f1fe_arm64",
            "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:bc318bc151465d4672c6c07d7535bec2e40d97f7c8d158eefff1f63e242212dd_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses"
    }
  ]
}

cve-2024-24790

Vulnerability from cvelistv5

Published

2024-06-05 15:13

Modified

2024-09-05 08:03

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

References

▼	URL	Tags
	https://go.dev/cl/590316
	https://go.dev/issue/67680
	https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
	https://pkg.go.dev/vuln/GO-2024-2887
	http://www.openwall.com/lists/oss-security/2024/06/04/1

Impacted products

▼	Vendor	Product
	Go standard library	net/netip

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-05T08:03:29.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/590316"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/67680"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2024-2887"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/04/1"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240905-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "go",
            "vendor": "golang",
            "versions": [
              {
                "lessThan": "1.21.11",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "1.22.4",
                "status": "affected",
                "version": "1.22.0-0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-24790",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T14:59:19.414359Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T17:47:16.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/netip",
          "product": "net/netip",
          "programRoutines": [
            {
              "name": "Addr.IsLoopback"
            },
            {
              "name": "Addr.IsMulticast"
            },
            {
              "name": "Addr.IsInterfaceLocalMulticast"
            },
            {
              "name": "Addr.IsLinkLocalMulticast"
            },
            {
              "name": "Addr.IsGlobalUnicast"
            },
            {
              "name": "Addr.IsPrivate"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.21.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.22.4",
              "status": "affected",
              "version": "1.22.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Enze Wang of Alioth (@zer0yu)"
        },
        {
          "lang": "en",
          "value": "Jianjun Chen of Zhongguancun Lab (@chenjj)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-180: Incorrect Behavior Order: Validate Before Canonicalize",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-05T15:13:50.527Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/590316"
        },
        {
          "url": "https://go.dev/issue/67680"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-2887"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/04/1"
        }
      ],
      "title": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-24790",
    "datePublished": "2024-06-05T15:13:50.527Z",
    "dateReserved": "2024-01-30T16:05:14.758Z",
    "dateUpdated": "2024-09-05T08:03:29.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-24788

Vulnerability from cvelistv5

Published

2024-05-08 15:31

Modified

2024-11-21 15:42

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Malformed DNS message can cause infinite loop in net

References

▼	URL	Tags
	https://go.dev/issue/66754
	https://go.dev/cl/578375
	https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
	https://pkg.go.dev/vuln/GO-2024-2824
	http://www.openwall.com/lists/oss-security/2024/05/08/3
	https://security.netapp.com/advisory/ntap-20240605-0002/
	https://security.netapp.com/advisory/ntap-20240614-0001/

Impacted products

▼	Vendor	Product
	Go standard library	net

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-24788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:38:26.198197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-835",
                "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T15:42:56.985Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:28:12.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/66754"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/578375"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2024-2824"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240605-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240614-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net",
          "product": "net",
          "programRoutines": [
            {
              "name": "extractExtendedRCode"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialTimeout"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            },
            {
              "name": "Listen"
            },
            {
              "name": "ListenConfig.Listen"
            },
            {
              "name": "ListenConfig.ListenPacket"
            },
            {
              "name": "ListenPacket"
            },
            {
              "name": "LookupAddr"
            },
            {
              "name": "LookupCNAME"
            },
            {
              "name": "LookupHost"
            },
            {
              "name": "LookupIP"
            },
            {
              "name": "LookupMX"
            },
            {
              "name": "LookupNS"
            },
            {
              "name": "LookupSRV"
            },
            {
              "name": "LookupTXT"
            },
            {
              "name": "ResolveIPAddr"
            },
            {
              "name": "ResolveTCPAddr"
            },
            {
              "name": "ResolveUDPAddr"
            },
            {
              "name": "Resolver.LookupAddr"
            },
            {
              "name": "Resolver.LookupCNAME"
            },
            {
              "name": "Resolver.LookupHost"
            },
            {
              "name": "Resolver.LookupIP"
            },
            {
              "name": "Resolver.LookupIPAddr"
            },
            {
              "name": "Resolver.LookupMX"
            },
            {
              "name": "Resolver.LookupNS"
            },
            {
              "name": "Resolver.LookupNetIP"
            },
            {
              "name": "Resolver.LookupSRV"
            },
            {
              "name": "Resolver.LookupTXT"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.22.3",
              "status": "affected",
              "version": "1.22.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "@long-name-let-people-remember-you"
        },
        {
          "lang": "en",
          "value": "Mateusz Poliwczak"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE 400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-09T20:25:03.081Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/66754"
        },
        {
          "url": "https://go.dev/cl/578375"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-2824"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240605-0002/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240614-0001/"
        }
      ],
      "title": "Malformed DNS message can cause infinite loop in net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-24788",
    "datePublished": "2024-05-08T15:31:11.619Z",
    "dateReserved": "2024-01-30T16:05:14.758Z",
    "dateUpdated": "2024-11-21T15:42:56.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2024_4697

Vulnerability from csaf_redhat

cve-2024-24790

Vulnerability from cvelistv5

cve-2024-24788

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature