CVE-2024-24789 (GCVE-0-2024-24789)
Vulnerability from cvelistv5 – Published: 2024-06-05 15:13 – Updated: 2025-02-13 17:40
CWE-390 - Detection of Error Condition Without Action
| Vendor | Product | Version |
|---|---|---|
| Go standard library | archive/zip | Affected: 0, < 1.21.11 (semver); Affected: 1.22.0-0, < 1.22.4 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "go",
"vendor": "golang",
"versions": [
{
"lessThan": "1.21.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.22.4",
"status": "affected",
"version": "1.22.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24789",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T15:26:12.977985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T16:20:49.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-31T15:02:43.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/585397"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/66869"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2024-2888"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/04/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "archive/zip",
"product": "archive/zip",
"programRoutines": [
{
"name": "findSignatureInBlock"
},
{
"name": "NewReader"
},
{
"name": "OpenReader"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.21.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.22.4",
"status": "affected",
"version": "1.22.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yufan You (@ouuan)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The archive/zip package\u0027s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-390: Detection of Error Condition Without Action",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T03:05:53.965Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/585397"
},
{
"url": "https://go.dev/issue/66869"
},
{
"url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2888"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/04/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/"
}
],
"title": "Mishandling of corrupt central directory record in archive/zip"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2024-24789",
"datePublished": "2024-06-05T15:13:51.938Z",
"dateReserved": "2024-01-30T16:05:14.758Z",
"dateUpdated": "2025-02-13T17:40:27.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-24789",
"date": "2026-05-27",
"epss": "7e-05",
"percentile": "0.0055"
}
}
}
CERTFR-2026-AVI-0339
Vulnerability from certfr_avis - Published: 2026-03-23 - Updated: 2026-03-23
Multiple vulnerabilities have been discovered in VMware products. They allow an attacker to cause a security problem not specified by the vendor.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| VMware | Tanzu Kubernetes Runtime | Stemcells (Windows) versions prior to 2019.96.x |
| VMware | Tanzu Gemfire | Tanzu GemFire on Tanzu Platform 2.2.x versions prior to 2.2.2 |
| VMware | Platform Services | Platform Services for Tanzu Platform versions prior to 10.3.6 |
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions prior to 1.1107.x |
| VMware | Tanzu Gemfire | Tanzu GemFire on Tanzu Platform 2.1.x versions prior to 2.1.4 |
| VMware | Tanzu | Tanzu for Postgres on Tanzu Platform versions prior to 10.2.3 |
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions prior to 1.261.x |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stemcells (Windows) versions ant\u00e9rieures \u00e0 2019.96.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire sur Tanzu Platform 2.2.x versions ant\u00e9rieures \u00e0 2.2.2",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.6",
"product": {
"name": "Platform Services",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.1107.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire sur Tanzu Platform 2.1.x versions ant\u00e9rieures \u00e0 2.1.4",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.261.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2026-30227",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30227"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2026-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1965"
},
{
"name": "CVE-2026-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3497"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2026-27138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27138"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2026-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3783"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2025-58063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58063"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2026-1229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1229"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2026-27571",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27571"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2025-11065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11065"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-64702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64702"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2025-68151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68151"
},
{
"name": "CVE-2026-3784",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3784"
},
{
"name": "CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
}
],
"initial_release_date": "2026-03-23T00:00:00",
"last_revision_date": "2026-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0339",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37283",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37283"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37288",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37288"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37281",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37281"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37278",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37278"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37282",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37282"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37286",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37286"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37279",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37279"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37280",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37280"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37284",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37284"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37277",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37277"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37285",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37285"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37287",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37287"
}
]
}
FKIE_CVE-2024-24789
Vulnerability from fkie_nvd - Published: 2024-06-05 16:15 - Updated: 2025-01-31 15:15
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A191F39-17BE-4051-A445-E60525659377",
"versionEndExcluding": "1.21.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B85AD31-1004-48F3-9A80-7CF48CD0CEA7",
"versionEndExcluding": "1.22.4",
"versionStartIncluding": "1.22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The archive/zip package\u0027s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors."
},
{
"lang": "es",
"value": "El manejo que hace el paquete archive/zip de ciertos tipos de archivos zip no v\u00e1lidos difiere del comportamiento de la mayor\u00eda de las implementaciones zip. Esta desalineaci\u00f3n podr\u00eda aprovecharse para crear un archivo zip con contenidos que var\u00edan seg\u00fan la implementaci\u00f3n que lea el archivo. El paquete archive/zip ahora rechaza los archivos que contienen estos errores."
}
],
"id": "CVE-2024-24789",
"lastModified": "2025-01-31T15:15:12.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-05T16:15:10.470",
"references": [
{
"source": "security@golang.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/04/1"
},
{
"source": "security@golang.org",
"tags": [
"Patch"
],
"url": "https://go.dev/cl/585397"
},
{
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://go.dev/issue/66869"
},
{
"source": "security@golang.org",
"tags": [
"Release Notes"
],
"url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ"
},
{
"source": "security@golang.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/"
},
{
"source": "security@golang.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pkg.go.dev/vuln/GO-2024-2888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/04/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://go.dev/cl/585397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://go.dev/issue/66869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pkg.go.dev/vuln/GO-2024-2888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250131-0008/"
}
],
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-236W-P7WF-5PH8
Vulnerability from github – Published: 2024-06-05 18:30 – Updated: 2025-01-31 15:30
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
{
"affected": [],
"aliases": [
"CVE-2024-24789"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-05T16:15:10Z",
"severity": "MODERATE"
},
"details": "The archive/zip package\u0027s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.",
"id": "GHSA-236w-p7wf-5ph8",
"modified": "2025-01-31T15:30:42Z",
"published": "2024-06-05T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789"
},
{
"type": "WEB",
"url": "https://go.dev/cl/585397"
},
{
"type": "WEB",
"url": "https://go.dev/issue/66869"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-2888"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250131-0008"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/06/04/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2024-24789
Vulnerability from gsd - Updated: 2024-01-31 06:02
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-24789"
],
"id": "GSD-2024-24789",
"modified": "2024-01-31T06:02:39.974443Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-24789",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
MSRC_CVE-2024-24789
Vulnerability from csaf_microsoft - Published: 2024-06-02 07:00 - Updated: 2026-02-19 01:46
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17313-17086 | — | ||
| Unresolved product id: 17315-17086 | — | ||
| Unresolved product id: 17570-17084 | — | ||
| Unresolved product id: 19747-17086 | — | ||
| Unresolved product id: 19730-17086 | — | ||
| Unresolved product id: 18444-17086 | — | ||
| Unresolved product id: 19755-17086 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-17 | — | Vendor Fix fix | |
| Unresolved product id: 17086-16 | — | Vendor Fix fix | |
| Unresolved product id: 17084-14 | — | Vendor Fix fix | |
| Unresolved product id: 17086-2 | — | Vendor Fix fix | |
| Unresolved product id: 17086-3 | — | Vendor Fix fix | |
| Unresolved product id: 17086-11 | — | ||
| Unresolved product id: 17086-1 | — | Vendor Fix fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-5 | — | ||
| Unresolved product id: 17086-4 | — | ||
| Unresolved product id: 17084-6 | — | ||
| Unresolved product id: 17086-10 | — | ||
| Unresolved product id: 17084-8 | — | ||
| Unresolved product id: 17084-13 | — | ||
| Unresolved product id: 17084-7 | — | ||
| Unresolved product id: 17084-12 | — | ||
| Unresolved product id: 17086-9 | — | ||
| Unresolved product id: 17084-15 | — |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24789 Mishandling of corrupt central directory record in archive/zip - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-24789.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Mishandling of corrupt central directory record in archive/zip",
"tracking": {
"current_release_date": "2026-02-19T01:46:58.000Z",
"generator": {
"date": "2026-02-21T03:10:18.249Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-24789",
"initial_release_date": "2024-06-02T07:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T20:45:41.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-19T01:46:58.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 msft-golang 1.22.4-1",
"product": {
"name": "\u003ccbl2 msft-golang 1.22.4-1",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "cbl2 msft-golang 1.22.4-1",
"product": {
"name": "cbl2 msft-golang 1.22.4-1",
"product_id": "17313"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 msft-golang 1.24.1-2",
"product": {
"name": "\u003ccbl2 msft-golang 1.24.1-2",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 msft-golang 1.24.1-2",
"product": {
"name": "cbl2 msft-golang 1.24.1-2",
"product_id": "19730"
}
}
],
"category": "product_name",
"name": "msft-golang"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.21.11-1",
"product": {
"name": "\u003ccbl2 golang 1.21.11-1",
"product_id": "16"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.21.11-1",
"product": {
"name": "cbl2 golang 1.21.11-1",
"product_id": "17315"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 golang 1.22.3-1",
"product": {
"name": "\u003cazl3 golang 1.22.3-1",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "azl3 golang 1.22.3-1",
"product": {
"name": "azl3 golang 1.22.3-1",
"product_id": "17570"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.22.7-3",
"product": {
"name": "\u003ccbl2 golang 1.22.7-3",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.22.7-3",
"product": {
"name": "cbl2 golang 1.22.7-3",
"product_id": "19747"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.22.7-3",
"product": {
"name": "\u003ccbl2 golang 1.22.7-3",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.22.7-3",
"product": {
"name": "cbl2 golang 1.22.7-3",
"product_id": "18444"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.18.8-8",
"product": {
"name": "\u003ccbl2 golang 1.18.8-8",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.18.8-8",
"product": {
"name": "cbl2 golang 1.18.8-8",
"product_id": "19755"
}
}
],
"category": "product_name",
"name": "golang"
},
{
"category": "product_name",
"name": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "cbl2 python-tensorboard 2.11.0-3",
"product_id": "5"
}
},
{
"category": "product_name",
"name": "cbl2 gcc 11.2.0-8",
"product": {
"name": "cbl2 gcc 11.2.0-8",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "azl3 golang 1.24.3-1",
"product": {
"name": "azl3 golang 1.24.3-1",
"product_id": "6"
}
},
{
"category": "product_name",
"name": "cbl2 gcc 11.2.0-8",
"product": {
"name": "cbl2 gcc 11.2.0-8",
"product_id": "10"
}
},
{
"category": "product_name",
"name": "azl3 golang 1.23.9-1",
"product": {
"name": "azl3 golang 1.23.9-1",
"product_id": "8"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "13"
}
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "7"
}
},
{
"category": "product_name",
"name": "azl3 gcc 13.2.0-7",
"product": {
"name": "azl3 gcc 13.2.0-7",
"product_id": "12"
}
},
{
"category": "product_name",
"name": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "cbl2 tensorflow 2.11.1-2",
"product_id": "9"
}
},
{
"category": "product_name",
"name": "azl3 golang 1.23.7-1",
"product": {
"name": "azl3 golang 1.23.7-1",
"product_id": "15"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 msft-golang 1.22.4-1 as a component of CBL Mariner 2.0",
"product_id": "17086-17"
},
"product_reference": "17",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.22.4-1 as a component of CBL Mariner 2.0",
"product_id": "17313-17086"
},
"product_reference": "17313",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.21.11-1 as a component of CBL Mariner 2.0",
"product_id": "17086-16"
},
"product_reference": "16",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.21.11-1 as a component of CBL Mariner 2.0",
"product_id": "17315-17086"
},
"product_reference": "17315",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 golang 1.22.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.22.3-1 as a component of Azure Linux 3.0",
"product_id": "17570-17084"
},
"product_reference": "17570",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.22.7-3 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.22.7-3 as a component of CBL Mariner 2.0",
"product_id": "19747-17086"
},
"product_reference": "19747",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-tensorboard 2.11.0-3 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 gcc 11.2.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 msft-golang 1.24.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.24.1-2 as a component of CBL Mariner 2.0",
"product_id": "19730-17086"
},
"product_reference": "19730",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.24.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.22.7-3 as a component of CBL Mariner 2.0",
"product_id": "17086-11"
},
"product_reference": "11",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.22.7-3 as a component of CBL Mariner 2.0",
"product_id": "18444-17086"
},
"product_reference": "18444",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 gcc 11.2.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-10"
},
"product_reference": "10",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.9-1 as a component of Azure Linux 3.0",
"product_id": "17084-8"
},
"product_reference": "8",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-13"
},
"product_reference": "13",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 gcc 13.2.0-7 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-9"
},
"product_reference": "9",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.18.8-8 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.18.8-8 as a component of CBL Mariner 2.0",
"product_id": "19755-17086"
},
"product_reference": "19755",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.7-1 as a component of Azure Linux 3.0",
"product_id": "17084-15"
},
"product_reference": "15",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24789",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17086-5",
"17084-6",
"17084-8",
"17084-13",
"17084-7",
"17086-9",
"17084-15"
]
},
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17086-4",
"17086-10",
"17084-12"
]
}
],
"notes": [
{
"category": "general",
"text": "Go",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17313-17086",
"17315-17086",
"17570-17084",
"19747-17086",
"19730-17086",
"18444-17086",
"19755-17086"
],
"known_affected": [
"17086-17",
"17086-16",
"17084-14",
"17086-2",
"17086-3",
"17086-11",
"17086-1"
],
"known_not_affected": [
"17086-5",
"17086-4",
"17084-6",
"17086-10",
"17084-8",
"17084-13",
"17084-7",
"17084-12",
"17086-9",
"17084-15"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24789 Mishandling of corrupt central directory record in archive/zip - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-24789.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T20:45:41.000Z",
"details": "1.22.4-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-17"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-03T20:45:41.000Z",
"details": "1.21.11-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-16"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-03T20:45:41.000Z",
"details": "1.22.3-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-14"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-03T20:45:41.000Z",
"details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2",
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-03T20:45:41.000Z",
"details": "1.18.8-8:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"17086-17",
"17086-16",
"17084-14",
"17086-2",
"17086-3",
"17086-11",
"17086-1"
]
}
],
"title": "Mishandling of corrupt central directory record in archive/zip"
}
]
}
NCSC-2025-0020
Vulnerability from csaf_ncscnl - Published: 2025-01-22 13:30 - Updated: 2025-01-22 13:30
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| application_express oracle | cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:* | — | |
| application_express oracle | cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| application_express oracle | cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:* | — | |
| application_express oracle | cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:* | — | |
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:* | — | |
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| application_express oracle | cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:* | — | |
| application_express oracle | cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| database_-_data_mining oracle | cpe:2.3:a:oracle:database_-_data_mining:21.3-21.16:*:*:*:*:*:*:* | — | |
| database_-_data_mining oracle | cpe:2.3:a:oracle:database_-_data_mining:19.3-19.25:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| goldengate oracle | cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| goldengate oracle | cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| goldengate oracle | cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:* | — | |
| secure_backup oracle | cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:* | — | |
| rest_data_services oracle | cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:* | — | |
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:* | — | |
| application_express oracle | cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:* | — | |
| database_server oracle | cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:* | — | |
| database_migration_assistant_for_unicode oracle | cpe:2.3:a:oracle:database_migration_assistant_for_unicode:19.1:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| goldengate oracle | cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:* | — | |
| application_express oracle | cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:* | — | |
| database_server oracle | cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:* | — | |
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:* | — | |
| rest_data_services oracle | cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:* | — | |
| graal_development_kit_for_micronaut oracle | cpe:2.3:a:oracle:graal_development_kit_for_micronaut:23.5-23.6:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| application_express oracle | cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:* | — | |
| database_server oracle | cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:* | — | |
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:* | — | |
| rest_data_services oracle | cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| rest_data_services oracle | cpe:2.3:a:oracle:rest_data_services:24.3.0:*:*:*:*:*:*:* | — | |
| rest_data_services oracle | cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| secure_backup oracle | cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:* | — | |
| secure_backup oracle | cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:* | — | |
| secure_backup oracle | cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| database_-_graalvm_multilingual_engine oracle | cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:21.4-21.16:*:*:*:*:*:*:* | — | |
| database_-_graalvm_multilingual_engine oracle | cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:23.5-23.6:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:* | — | |
| application_express oracle | cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:* | — | |
| database_server oracle | cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:* | — | |
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:* | — | |
| rest_data_services oracle | cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| application_express oracle | cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:* | — | |
| database_server oracle | cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:* | — | |
| goldengate oracle | cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:* | — | |
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:* | — | |
| rest_data_services oracle | cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:* | — | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| goldengate_big_data_and_application_adapters oracle | cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:* | — | |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle has fixed vulnerabilities in various database products and subsystems, such as the Core Database, Graal, Application Express, GoldenGate and REST data.",
"title": "Facts"
},
{
"category": "description",
"text": "The vulnerabilities are located in several components of the Oracle Database, including the Data Mining component and the Java VM. These vulnerabilities allow low-privileged authenticated users to compromise the system, which can lead to unauthorized access and data manipulation. The Java VM vulnerability can also lead to unauthorized modification of data.",
"title": "Interpretations"
},
{
"category": "description",
"text": "Oracle has released updates to fix the vulnerabilities. See the attached references for more information.",
"title": "Solutions"
},
{
"category": "general",
"text": "medium",
"title": "Probability"
},
{
"category": "general",
"text": "high",
"title": "Damage"
},
{
"category": "general",
"text": "Unchecked Error Condition",
"title": "CWE-391"
},
{
"category": "general",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "general",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "general",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
},
{
"category": "general",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "general",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "general",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Reachable Assertion",
"title": "CWE-617"
},
{
"category": "general",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"title": "Vulnerabilities fixed in Oracle Database products",
"tracking": {
"current_release_date": "2025-01-22T13:30:16.354373Z",
"id": "NCSC-2025-0020",
"initial_release_date": "2025-01-22T13:30:16.354373Z",
"revision_history": [
{
"date": "2025-01-22T13:30:16.354373Z",
"number": "0",
"summary": "Initial version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "graal_development_kit_for_micronaut",
"product": {
"name": "graal_development_kit_for_micronaut",
"product_id": "CSAFPID-1751216",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graal_development_kit_for_micronaut:23.5-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_data_mining",
"product": {
"name": "database_-_data_mining",
"product_id": "CSAFPID-1751200",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_data_mining:19.3-19.25:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_data_mining",
"product": {
"name": "database_-_data_mining",
"product_id": "CSAFPID-1751199",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_data_mining:21.3-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_migration_assistant_for_unicode",
"product": {
"name": "database_migration_assistant_for_unicode",
"product_id": "CSAFPID-1751212",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_migration_assistant_for_unicode:19.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_server",
"product": {
"name": "database_server",
"product_id": "CSAFPID-1503604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_graalvm_multilingual_engine",
"product": {
"name": "database_-_graalvm_multilingual_engine",
"product_id": "CSAFPID-1751223",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:21.4-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_graalvm_multilingual_engine",
"product": {
"name": "database_-_graalvm_multilingual_engine",
"product_id": "CSAFPID-1751224",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:23.5-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1503575",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1673188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-342816",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-816845",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1650825",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1751298",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1751299",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-485902",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503736",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751093",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751094",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751095",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751204",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503738",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751203",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-711746",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-1751305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-1751304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-667692",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-345049",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-611417",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-1673422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38998",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
}
],
"title": "CVE-2024-38998"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45490",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45491",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45492",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-45772",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45772",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45772.json"
}
],
"title": "CVE-2024-45772"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825",
"CSAFPID-1751298",
"CSAFPID-1751299"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650825",
"CSAFPID-1751298",
"CSAFPID-1751299"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-50379",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"cwe": {
"id": "CWE-391",
"name": "Unchecked Error Condition"
},
"notes": [
{
"category": "other",
"text": "Unchecked Error Condition",
"title": "CWE-391"
},
{
"category": "other",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-52316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52316.json"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-54677",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-21553",
"references": [
{
"category": "self",
"summary": "CVE-2025-21553",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21553.json"
}
],
"title": "CVE-2025-21553"
},
{
"cve": "CVE-2025-21557",
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21557",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21557.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2025-21557"
},
{
"cve": "CVE-2022-26345",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751199",
"CSAFPID-1751200"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-26345",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26345.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751199",
"CSAFPID-1751200"
]
}
],
"title": "CVE-2022-26345"
},
{
"cve": "CVE-2023-27043",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-27043",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27043.json"
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-36730",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36730",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36730.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
}
],
"title": "CVE-2023-36730"
},
{
"cve": "CVE-2023-36785",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36785",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36785.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
}
],
"title": "CVE-2023-36785"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "other",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650765",
"CSAFPID-1650767",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-711746",
"CSAFPID-816845",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-1751212"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650765",
"CSAFPID-1650767",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-711746",
"CSAFPID-816845",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-1751212"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52428",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-342816",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-816845",
"CSAFPID-711746",
"CSAFPID-1751216"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-342816",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-816845",
"CSAFPID-711746",
"CSAFPID-1751216"
]
}
],
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-4030",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "other",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-4030",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-4032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-6232",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751304",
"CSAFPID-1751305"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6763",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751304",
"CSAFPID-1751305"
]
}
],
"title": "CVE-2024-6763"
},
{
"cve": "CVE-2024-6923",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6923",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6923.json"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-7254",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-7592",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-7592",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-8088",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8088.json"
}
],
"title": "CVE-2024-8088"
},
{
"cve": "CVE-2024-8927",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8927",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8927.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-8927"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-11053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-21211",
"cwe": {
"id": "CWE-922",
"name": "Insecure Storage of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751223",
"CSAFPID-1751224"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21211",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751223",
"CSAFPID-1751224"
]
}
],
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650825",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-24789",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24789",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24789.json"
}
],
"title": "CVE-2024-24789"
},
{
"cve": "CVE-2024-24790",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24790",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24790.json"
}
],
"title": "CVE-2024-24790"
},
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json"
}
],
"title": "CVE-2024-24791"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28757",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-33599",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33599",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json"
}
],
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33600",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json"
}
],
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "other",
"text": "Reachable Assertion",
"title": "CWE-617"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33601",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json"
}
],
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "other",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33602",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json"
}
],
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650825"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650825"
]
}
],
"title": "CVE-2024-38820"
}
]
}
OPENSUSE-SU-2024:14020-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.4-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.4-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.4-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.4-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.22-1.22.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.22-1.22.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14020",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14020-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24789 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24790/"
}
],
"title": "go1.22-1.22.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14020-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.4-1.1.aarch64",
"product": {
"name": "go1.22-1.22.4-1.1.aarch64",
"product_id": "go1.22-1.22.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.4-1.1.aarch64",
"product": {
"name": "go1.22-doc-1.22.4-1.1.aarch64",
"product_id": "go1.22-doc-1.22.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.22-libstd-1.22.4-1.1.aarch64",
"product": {
"name": "go1.22-libstd-1.22.4-1.1.aarch64",
"product_id": "go1.22-libstd-1.22.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.22-race-1.22.4-1.1.aarch64",
"product": {
"name": "go1.22-race-1.22.4-1.1.aarch64",
"product_id": "go1.22-race-1.22.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.4-1.1.ppc64le",
"product": {
"name": "go1.22-1.22.4-1.1.ppc64le",
"product_id": "go1.22-1.22.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.4-1.1.ppc64le",
"product": {
"name": "go1.22-doc-1.22.4-1.1.ppc64le",
"product_id": "go1.22-doc-1.22.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.22-libstd-1.22.4-1.1.ppc64le",
"product": {
"name": "go1.22-libstd-1.22.4-1.1.ppc64le",
"product_id": "go1.22-libstd-1.22.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.22-race-1.22.4-1.1.ppc64le",
"product": {
"name": "go1.22-race-1.22.4-1.1.ppc64le",
"product_id": "go1.22-race-1.22.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.4-1.1.s390x",
"product": {
"name": "go1.22-1.22.4-1.1.s390x",
"product_id": "go1.22-1.22.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.4-1.1.s390x",
"product": {
"name": "go1.22-doc-1.22.4-1.1.s390x",
"product_id": "go1.22-doc-1.22.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.22-libstd-1.22.4-1.1.s390x",
"product": {
"name": "go1.22-libstd-1.22.4-1.1.s390x",
"product_id": "go1.22-libstd-1.22.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.22-race-1.22.4-1.1.s390x",
"product": {
"name": "go1.22-race-1.22.4-1.1.s390x",
"product_id": "go1.22-race-1.22.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.4-1.1.x86_64",
"product": {
"name": "go1.22-1.22.4-1.1.x86_64",
"product_id": "go1.22-1.22.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.4-1.1.x86_64",
"product": {
"name": "go1.22-doc-1.22.4-1.1.x86_64",
"product_id": "go1.22-doc-1.22.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.22-libstd-1.22.4-1.1.x86_64",
"product": {
"name": "go1.22-libstd-1.22.4-1.1.x86_64",
"product_id": "go1.22-libstd-1.22.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.22-race-1.22.4-1.1.x86_64",
"product": {
"name": "go1.22-race-1.22.4-1.1.x86_64",
"product_id": "go1.22-race-1.22.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-1.22.4-1.1.aarch64"
},
"product_reference": "go1.22-1.22.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-1.22.4-1.1.ppc64le"
},
"product_reference": "go1.22-1.22.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-1.22.4-1.1.s390x"
},
"product_reference": "go1.22-1.22.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-1.22.4-1.1.x86_64"
},
"product_reference": "go1.22-1.22.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.aarch64"
},
"product_reference": "go1.22-doc-1.22.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.ppc64le"
},
"product_reference": "go1.22-doc-1.22.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.s390x"
},
"product_reference": "go1.22-doc-1.22.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.x86_64"
},
"product_reference": "go1.22-doc-1.22.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-libstd-1.22.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.aarch64"
},
"product_reference": "go1.22-libstd-1.22.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-libstd-1.22.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.ppc64le"
},
"product_reference": "go1.22-libstd-1.22.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-libstd-1.22.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.s390x"
},
"product_reference": "go1.22-libstd-1.22.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-libstd-1.22.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.x86_64"
},
"product_reference": "go1.22-libstd-1.22.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-race-1.22.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.aarch64"
},
"product_reference": "go1.22-race-1.22.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-race-1.22.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.ppc64le"
},
"product_reference": "go1.22-race-1.22.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-race-1.22.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.s390x"
},
"product_reference": "go1.22-race-1.22.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-race-1.22.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.x86_64"
},
"product_reference": "go1.22-race-1.22.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24789"
}
],
"notes": [
{
"category": "general",
"text": "The archive/zip package\u0027s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24789",
"url": "https://www.suse.com/security/cve/CVE-2024-24789"
},
{
"category": "external",
"summary": "SUSE Bug 1225973 for CVE-2024-24789",
"url": "https://bugzilla.suse.com/1225973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-24789"
},
{
"cve": "CVE-2024-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24790"
}
],
"notes": [
{
"category": "general",
"text": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24790",
"url": "https://www.suse.com/security/cve/CVE-2024-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1225974 for CVE-2024-24790",
"url": "https://bugzilla.suse.com/1225974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-24790"
}
]
}
OPENSUSE-SU-2024:14023-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.21-1.21.11-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-1.21.11-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-1.21.11-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-1.21.11-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.21-1.21.11-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.21-1.21.11-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14023",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14023-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24789 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24790/"
}
],
"title": "go1.21-1.21.11-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14023-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.21-1.21.11-1.1.aarch64",
"product": {
"name": "go1.21-1.21.11-1.1.aarch64",
"product_id": "go1.21-1.21.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.21-doc-1.21.11-1.1.aarch64",
"product": {
"name": "go1.21-doc-1.21.11-1.1.aarch64",
"product_id": "go1.21-doc-1.21.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.21-libstd-1.21.11-1.1.aarch64",
"product": {
"name": "go1.21-libstd-1.21.11-1.1.aarch64",
"product_id": "go1.21-libstd-1.21.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.21-race-1.21.11-1.1.aarch64",
"product": {
"name": "go1.21-race-1.21.11-1.1.aarch64",
"product_id": "go1.21-race-1.21.11-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-1.21.11-1.1.ppc64le",
"product": {
"name": "go1.21-1.21.11-1.1.ppc64le",
"product_id": "go1.21-1.21.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.21-doc-1.21.11-1.1.ppc64le",
"product": {
"name": "go1.21-doc-1.21.11-1.1.ppc64le",
"product_id": "go1.21-doc-1.21.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.21-libstd-1.21.11-1.1.ppc64le",
"product": {
"name": "go1.21-libstd-1.21.11-1.1.ppc64le",
"product_id": "go1.21-libstd-1.21.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.21-race-1.21.11-1.1.ppc64le",
"product": {
"name": "go1.21-race-1.21.11-1.1.ppc64le",
"product_id": "go1.21-race-1.21.11-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-1.21.11-1.1.s390x",
"product": {
"name": "go1.21-1.21.11-1.1.s390x",
"product_id": "go1.21-1.21.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.21-doc-1.21.11-1.1.s390x",
"product": {
"name": "go1.21-doc-1.21.11-1.1.s390x",
"product_id": "go1.21-doc-1.21.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.21-libstd-1.21.11-1.1.s390x",
"product": {
"name": "go1.21-libstd-1.21.11-1.1.s390x",
"product_id": "go1.21-libstd-1.21.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.21-race-1.21.11-1.1.s390x",
"product": {
"name": "go1.21-race-1.21.11-1.1.s390x",
"product_id": "go1.21-race-1.21.11-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-1.21.11-1.1.x86_64",
"product": {
"name": "go1.21-1.21.11-1.1.x86_64",
"product_id": "go1.21-1.21.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.21-doc-1.21.11-1.1.x86_64",
"product": {
"name": "go1.21-doc-1.21.11-1.1.x86_64",
"product_id": "go1.21-doc-1.21.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.21-libstd-1.21.11-1.1.x86_64",
"product": {
"name": "go1.21-libstd-1.21.11-1.1.x86_64",
"product_id": "go1.21-libstd-1.21.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.21-race-1.21.11-1.1.x86_64",
"product": {
"name": "go1.21-race-1.21.11-1.1.x86_64",
"product_id": "go1.21-race-1.21.11-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-1.21.11-1.1.aarch64"
},
"product_reference": "go1.21-1.21.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-1.21.11-1.1.ppc64le"
},
"product_reference": "go1.21-1.21.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-1.21.11-1.1.s390x"
},
"product_reference": "go1.21-1.21.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-1.21.11-1.1.x86_64"
},
"product_reference": "go1.21-1.21.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.aarch64"
},
"product_reference": "go1.21-doc-1.21.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.ppc64le"
},
"product_reference": "go1.21-doc-1.21.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.s390x"
},
"product_reference": "go1.21-doc-1.21.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.x86_64"
},
"product_reference": "go1.21-doc-1.21.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-libstd-1.21.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.aarch64"
},
"product_reference": "go1.21-libstd-1.21.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-libstd-1.21.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.ppc64le"
},
"product_reference": "go1.21-libstd-1.21.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-libstd-1.21.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.s390x"
},
"product_reference": "go1.21-libstd-1.21.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-libstd-1.21.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.x86_64"
},
"product_reference": "go1.21-libstd-1.21.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.aarch64"
},
"product_reference": "go1.21-race-1.21.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.ppc64le"
},
"product_reference": "go1.21-race-1.21.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.s390x"
},
"product_reference": "go1.21-race-1.21.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.x86_64"
},
"product_reference": "go1.21-race-1.21.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24789"
}
],
"notes": [
{
"category": "general",
"text": "The archive/zip package\u0027s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24789",
"url": "https://www.suse.com/security/cve/CVE-2024-24789"
},
{
"category": "external",
"summary": "SUSE Bug 1225973 for CVE-2024-24789",
"url": "https://bugzilla.suse.com/1225973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-24789"
},
{
"cve": "CVE-2024-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24790"
}
],
"notes": [
{
"category": "general",
"text": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24790",
"url": "https://www.suse.com/security/cve/CVE-2024-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1225974 for CVE-2024-24790",
"url": "https://bugzilla.suse.com/1225974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-doc-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-libstd-1.21.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.s390x",
"openSUSE Tumbleweed:go1.21-race-1.21.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-24790"
}
]
}
OPENSUSE-SU-2024:14050-1
Vulnerability from csaf_opensuse - Published: 2024-06-17 00:00 - Updated: 2024-06-17 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:forgejo-7.0.4-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-7.0.4-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-7.0.4-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-7.0.4-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.x86_64 | — | | Vendor Fix |

{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "forgejo-7.0.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the forgejo-7.0.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14050",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14050-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24789 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24789/"
}
],
"title": "forgejo-7.0.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-17T00:00:00Z",
"generator": {
"date": "2024-06-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14050-1",
"initial_release_date": "2024-06-17T00:00:00Z",
"revision_history": [
{
"date": "2024-06-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "forgejo-7.0.4-1.1.aarch64",
"product": {
"name": "forgejo-7.0.4-1.1.aarch64",
"product_id": "forgejo-7.0.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "forgejo-apparmor-7.0.4-1.1.aarch64",
"product": {
"name": "forgejo-apparmor-7.0.4-1.1.aarch64",
"product_id": "forgejo-apparmor-7.0.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "forgejo-selinux-7.0.4-1.1.aarch64",
"product": {
"name": "forgejo-selinux-7.0.4-1.1.aarch64",
"product_id": "forgejo-selinux-7.0.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "forgejo-7.0.4-1.1.ppc64le",
"product": {
"name": "forgejo-7.0.4-1.1.ppc64le",
"product_id": "forgejo-7.0.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "forgejo-apparmor-7.0.4-1.1.ppc64le",
"product": {
"name": "forgejo-apparmor-7.0.4-1.1.ppc64le",
"product_id": "forgejo-apparmor-7.0.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "forgejo-selinux-7.0.4-1.1.ppc64le",
"product": {
"name": "forgejo-selinux-7.0.4-1.1.ppc64le",
"product_id": "forgejo-selinux-7.0.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "forgejo-7.0.4-1.1.s390x",
"product": {
"name": "forgejo-7.0.4-1.1.s390x",
"product_id": "forgejo-7.0.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "forgejo-apparmor-7.0.4-1.1.s390x",
"product": {
"name": "forgejo-apparmor-7.0.4-1.1.s390x",
"product_id": "forgejo-apparmor-7.0.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "forgejo-selinux-7.0.4-1.1.s390x",
"product": {
"name": "forgejo-selinux-7.0.4-1.1.s390x",
"product_id": "forgejo-selinux-7.0.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "forgejo-7.0.4-1.1.x86_64",
"product": {
"name": "forgejo-7.0.4-1.1.x86_64",
"product_id": "forgejo-7.0.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "forgejo-apparmor-7.0.4-1.1.x86_64",
"product": {
"name": "forgejo-apparmor-7.0.4-1.1.x86_64",
"product_id": "forgejo-apparmor-7.0.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "forgejo-selinux-7.0.4-1.1.x86_64",
"product": {
"name": "forgejo-selinux-7.0.4-1.1.x86_64",
"product_id": "forgejo-selinux-7.0.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-7.0.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-7.0.4-1.1.aarch64"
},
"product_reference": "forgejo-7.0.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-7.0.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-7.0.4-1.1.ppc64le"
},
"product_reference": "forgejo-7.0.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-7.0.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-7.0.4-1.1.s390x"
},
"product_reference": "forgejo-7.0.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-7.0.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-7.0.4-1.1.x86_64"
},
"product_reference": "forgejo-7.0.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-apparmor-7.0.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.aarch64"
},
"product_reference": "forgejo-apparmor-7.0.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-apparmor-7.0.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.ppc64le"
},
"product_reference": "forgejo-apparmor-7.0.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-apparmor-7.0.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.s390x"
},
"product_reference": "forgejo-apparmor-7.0.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-apparmor-7.0.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.x86_64"
},
"product_reference": "forgejo-apparmor-7.0.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-selinux-7.0.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.aarch64"
},
"product_reference": "forgejo-selinux-7.0.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-selinux-7.0.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.ppc64le"
},
"product_reference": "forgejo-selinux-7.0.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-selinux-7.0.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.s390x"
},
"product_reference": "forgejo-selinux-7.0.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-selinux-7.0.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.x86_64"
},
"product_reference": "forgejo-selinux-7.0.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24789"
}
],
"notes": [
{
"category": "general",
"text": "The archive/zip package\u0027s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.s390x",
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.s390x",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.s390x",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24789",
"url": "https://www.suse.com/security/cve/CVE-2024-24789"
},
{
"category": "external",
"summary": "SUSE Bug 1225973 for CVE-2024-24789",
"url": "https://bugzilla.suse.com/1225973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.s390x",
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.s390x",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.s390x",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.s390x",
"openSUSE Tumbleweed:forgejo-7.0.4-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.s390x",
"openSUSE Tumbleweed:forgejo-apparmor-7.0.4-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.s390x",
"openSUSE Tumbleweed:forgejo-selinux-7.0.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-24789"
}
]
}
RHEA-2025:0507
Vulnerability from csaf_redhat - Published: 2025-01-21 12:46 - Updated: 2026-05-04 21:08A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64 | — | | Vendor Fix (fix), Workaround |

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src | — | | Vendor Fix (fix) |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64 | — | | Vendor Fix (fix) |

A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64 | — | | Vendor Fix (fix), Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "GA release of Helm 3.15.4 for OpenShift Container Platform 4.17 version.",
"title": "Topic"
},
{
"category": "general",
"text": "This errata advisory is for publishing the GA release of Helm 3.15.4 for OpenShift Container Platform 4.17 version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2025:0507",
"url": "https://access.redhat.com/errata/RHEA-2025:0507"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/applications/working_with_helm_charts/installing-helm.html",
"url": "https://docs.openshift.com/container-platform/latest/applications/working_with_helm_charts/installing-helm.html"
},
{
"category": "external",
"summary": "DPROD-391",
"url": "https://issues.redhat.com/browse/DPROD-391"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhea-2025_0507.json"
}
],
"title": "Red Hat Enhancement Advisory: Advisory for publishing Helm 3.15.4 GA release",
"tracking": {
"current_release_date": "2026-05-04T21:08:52+00:00",
"generator": {
"date": "2026-05-04T21:08:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHEA-2025:0507",
"initial_release_date": "2025-01-21T12:46:18+00:00",
"revision_history": [
{
"date": "2025-01-21T12:46:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-01-21T12:46:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-04T21:08:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-0:3.15.4-60.el9.src",
"product": {
"name": "helm-0:3.15.4-60.el9.src",
"product_id": "helm-0:3.15.4-60.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/helm@3.15.4-60.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-0:3.15.4-60.el9.aarch64",
"product": {
"name": "helm-0:3.15.4-60.el9.aarch64",
"product_id": "helm-0:3.15.4-60.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/helm@3.15.4-60.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-0:3.15.4-60.el9.ppc64le",
"product": {
"name": "helm-0:3.15.4-60.el9.ppc64le",
"product_id": "helm-0:3.15.4-60.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/helm@3.15.4-60.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-0:3.15.4-60.el9.s390x",
"product": {
"name": "helm-0:3.15.4-60.el9.s390x",
"product_id": "helm-0:3.15.4-60.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/helm@3.15.4-60.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-0:3.15.4-60.el9.x86_64",
"product": {
"name": "helm-0:3.15.4-60.el9.x86_64",
"product_id": "helm-0:3.15.4-60.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/helm@3.15.4-60.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "helm-redistributable-0:3.15.4-60.el9.x86_64",
"product": {
"name": "helm-redistributable-0:3.15.4-60.el9.x86_64",
"product_id": "helm-redistributable-0:3.15.4-60.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/helm-redistributable@3.15.4-60.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-0:3.15.4-60.el9.aarch64 as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64"
},
"product_reference": "helm-0:3.15.4-60.el9.aarch64",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-0:3.15.4-60.el9.ppc64le as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le"
},
"product_reference": "helm-0:3.15.4-60.el9.ppc64le",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-0:3.15.4-60.el9.s390x as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x"
},
"product_reference": "helm-0:3.15.4-60.el9.s390x",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-0:3.15.4-60.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src"
},
"product_reference": "helm-0:3.15.4-60.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-0:3.15.4-60.el9.x86_64 as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64"
},
"product_reference": "helm-0:3.15.4-60.el9.x86_64",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-redistributable-0:3.15.4-60.el9.x86_64 as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
},
"product_reference": "helm-redistributable-0:3.15.4-60.el9.x86_64",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24788",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: malformed DNS message can cause infinite loop",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24788"
},
{
"category": "external",
"summary": "RHBZ#2279814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2824",
"url": "https://pkg.go.dev/vuln/GO-2024-2824"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T12:46:18+00:00",
"details": "Ensuring that the binaries for Helm are available for use to the customers/users. Follow the instructions linked in the References section to download the binaries for Helm and use them.",
"product_ids": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2025:0507"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: malformed DNS message can cause infinite loop"
},
{
"cve": "CVE-2024-24789",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Incorrect handling of certain ZIP files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24789"
},
{
"category": "external",
"summary": "RHBZ#2292668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789"
}
],
"release_date": "2024-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T12:46:18+00:00",
"details": "Ensuring that the binaries for Helm are available for use to the customers/users. Follow the instructions linked in the References section to download the binaries for Helm and use them.",
"product_ids": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2025:0507"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Incorrect handling of certain ZIP files"
},
{
"cve": "CVE-2024-24790",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn\u0027t behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been marked as moderate as for our products a network-based attack vector is simply impossible when it comes to golang code,apart from that as per CVE flaw analysis reported by golang, this only affects integrity and confidentiality and has no effect on availability, hence CVSS has been marked as such.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24790"
},
{
"category": "external",
"summary": "RHBZ#2292787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790"
}
],
"release_date": "2024-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-21T12:46:18+00:00",
"details": "Ensuring that the binaries for Helm are available for use to the customers/users. Follow the instructions linked in the References section to download the binaries for Helm and use them.",
"product_ids": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2025:0507"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.aarch64",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.ppc64le",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.s390x",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.src",
"9Base-OCP-Tools-4.17:helm-0:3.15.4-60.el9.x86_64",
"9Base-OCP-Tools-4.17:helm-redistributable-0:3.15.4-60.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.