Vulnerability-Lookup

CVE-2024-34156 (GCVE-0-2024-34156)

Vulnerability from cvelistv5 – Published: 2024-09-06 20:42 – Updated: 2024-09-26 15:03

Title

Stack exhaustion in Decoder.Decode in encoding/gob

Summary

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

5 references

URL	Tags
https://go.dev/cl/611239
https://go.dev/issue/69139
https://groups.google.com/g/golang-dev/c/S9POB9NCTdk
https://pkg.go.dev/vuln/GO-2024-3106
https://security.netapp.com/advisory/ntap-2024092…

Impacted products

2 products

Vendor	Product	Version
Go standard library	encoding/gob	Affected: 0 , < 1.22.7 (semver) Affected: 1.23.0-0 , < 1.23.1 (semver)
go_standard_library	encoding\/gob	Affected: 0 , < 1.22.7 (semver) Affected: 1.23.0-0 , < 1.23.1 (semver) cpe:2.3:a:go_standard_library:encoding\/gob::::::::

Credits

Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:go_standard_library:encoding\\/gob:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "encoding\\/gob",
            "vendor": "go_standard_library",
            "versions": [
              {
                "lessThan": "1.22.7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "1.23.1",
                "status": "affected",
                "version": "1.23.0-0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:04:16.338747Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:29:46.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:03:08.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240926-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/gob",
          "product": "encoding/gob",
          "programRoutines": [
            {
              "name": "Decoder.decIgnoreOpFor"
            },
            {
              "name": "Decoder.Decode"
            },
            {
              "name": "Decoder.DecodeValue"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.22.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.1",
              "status": "affected",
              "version": "1.23.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-06T20:42:42.661Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/611239"
        },
        {
          "url": "https://go.dev/issue/69139"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3106"
        }
      ],
      "title": "Stack exhaustion in Decoder.Decode in encoding/gob"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-34156",
    "datePublished": "2024-09-06T20:42:42.661Z",
    "dateReserved": "2024-05-01T18:45:34.846Z",
    "dateUpdated": "2024-09-26T15:03:08.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-34156",
      "date": "2026-06-06",
      "epss": "0.00298",
      "percentile": "0.53513"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-34156\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2024-09-06T21:15:12.020\",\"lastModified\":\"2024-11-21T09:18:12.853\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.\"},{\"lang\":\"es\",\"value\":\"Llamar a Decoder.Decode en un mensaje que contiene estructuras profundamente anidadas puede provocar un p\u00e1nico debido al agotamiento de la pila. Esta es una continuaci\u00f3n de CVE-2022-30635.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"references\":[{\"url\":\"https://go.dev/cl/611239\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/69139\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-dev/c/S9POB9NCTdk\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2024-3106\",\"source\":\"security@golang.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240926-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20240926-0004/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-26T15:03:08.203Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34156\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-09T14:04:16.338747Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:go_standard_library:encoding\\\\/gob:*:*:*:*:*:*:*:*\"], \"vendor\": \"go_standard_library\", \"product\": \"encoding\\\\/gob\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.22.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.23.0-0\", \"lessThan\": \"1.23.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-09T14:06:46.233Z\"}}], \"cna\": {\"title\": \"Stack exhaustion in Decoder.Decode in encoding/gob\", \"credits\": [{\"lang\": \"en\", \"value\": \"Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"encoding/gob\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.22.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.23.0-0\", \"lessThan\": \"1.23.1\", \"versionType\": \"semver\"}], \"packageName\": \"encoding/gob\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Decoder.decIgnoreOpFor\"}, {\"name\": \"Decoder.Decode\"}, {\"name\": \"Decoder.DecodeValue\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/611239\"}, {\"url\": \"https://go.dev/issue/69139\"}, {\"url\": \"https://groups.google.com/g/golang-dev/c/S9POB9NCTdk\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-3106\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-674: Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2024-09-06T20:42:42.661Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-34156\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-26T15:03:08.203Z\", \"dateReserved\": \"2024-05-01T18:45:34.846Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2024-09-06T20:42:42.661Z\", \"assignerShortName\": \"Go\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

alsa-2024:11216

Vulnerability from osv_almalinux

Published

2024-12-17 00:00

Modified

2024-12-23 08:20

Summary

Moderate: containernetworking-plugins security update

Details

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

Security Fix(es):

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:11216	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://errata.almalinux.org/9/ALSA-2024-11216.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "containernetworking-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.5.1-3.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.   \n\nSecurity Fix(es):  \n\n  * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2024:11216",
  "modified": "2024-12-23T08:20:47Z",
  "published": "2024-12-17T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:11216"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-11216.html"
    }
  ],
  "related": [
    "CVE-2024-34156"
  ],
  "summary": "Moderate: containernetworking-plugins security update"
}

alsa-2024:11217

Vulnerability from osv_almalinux

Published

2024-12-17 00:00

Modified

2024-12-23 08:28

Summary

Important: skopeo security update

Details

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:11217	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://errata.almalinux.org/9/ALSA-2024-11217.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "skopeo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.16.1-2.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "skopeo-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.16.1-2.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.   \n\nSecurity Fix(es):  \n\n  * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2024:11217",
  "modified": "2024-12-23T08:28:36Z",
  "published": "2024-12-17T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:11217"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-11217.html"
    }
  ],
  "related": [
    "CVE-2024-34156"
  ],
  "summary": "Important: skopeo security update"
}

alsa-2024:6908

Vulnerability from osv_almalinux

Published

2024-09-23 00:00

Modified

2024-09-24 09:39

Summary

Important: go-toolset:rhel8 security update

Details

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:6908	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-24791	REPORT
	https://access.redhat.com/security/cve/CVE-2024-34155	REPORT
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://access.redhat.com/security/cve/CVE-2024-34158	REPORT
	https://bugzilla.redhat.com/2295310	REPORT
	https://bugzilla.redhat.com/2310527	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://bugzilla.redhat.com/2310529	REPORT
	https://errata.almalinux.org/8/ALSA-2024-6908.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "delve"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.2-4.module_el8.10.0+3895+92d465e0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "go-toolset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-1.module_el8.10.0+3895+92d465e0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "golang"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-2.module_el8.10.0+3895+92d465e0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "golang-bin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-2.module_el8.10.0+3895+92d465e0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "golang-docs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-2.module_el8.10.0+3895+92d465e0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "golang-misc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-2.module_el8.10.0+3895+92d465e0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "golang-src"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-2.module_el8.10.0+3895+92d465e0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "golang-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-2.module_el8.10.0+3895+92d465e0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)\n* go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n* go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:6908",
  "modified": "2024-09-24T09:39:43Z",
  "published": "2024-09-23T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:6908"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-24791"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34155"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34158"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2295310"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310527"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310529"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-6908.html"
    }
  ],
  "related": [
    "CVE-2024-24791",
    "CVE-2024-34155",
    "CVE-2024-34156",
    "CVE-2024-34158"
  ],
  "summary": "Important: go-toolset:rhel8 security update"
}

alsa-2024:6913

Vulnerability from osv_almalinux

Published

2024-09-23 00:00

Modified

2024-09-24 09:37

Summary

Important: golang security update

Details

The golang packages provide the Go programming language compiler.

Security Fix(es):

net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:6913	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-24791	REPORT
	https://access.redhat.com/security/cve/CVE-2024-34155	REPORT
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://access.redhat.com/security/cve/CVE-2024-34158	REPORT
	https://bugzilla.redhat.com/2295310	REPORT
	https://bugzilla.redhat.com/2310527	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://bugzilla.redhat.com/2310529	REPORT
	https://errata.almalinux.org/9/ALSA-2024-6913.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "go-toolset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-3.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "golang"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-3.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "golang-bin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-3.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "golang-docs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-3.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "golang-misc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-3.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "golang-src"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-3.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "golang-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.13-3.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)\n* go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n* go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:6913",
  "modified": "2024-09-24T09:37:21Z",
  "published": "2024-09-23T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:6913"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-24791"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34155"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34158"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2295310"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310527"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310529"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-6913.html"
    }
  ],
  "related": [
    "CVE-2024-24791",
    "CVE-2024-34155",
    "CVE-2024-34156",
    "CVE-2024-34158"
  ],
  "summary": "Important: golang security update"
}

alsa-2024:6946

Vulnerability from osv_almalinux

Published

2024-09-23 00:00

Modified

2024-09-24 09:33

Summary

Important: grafana-pcp security update

Details

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:6946	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://errata.almalinux.org/9/ALSA-2024-6946.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grafana-pcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.1-3.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:6946",
  "modified": "2024-09-24T09:33:36Z",
  "published": "2024-09-23T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:6946"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-6946.html"
    }
  ],
  "related": [
    "CVE-2024-34156"
  ],
  "summary": "Important: grafana-pcp security update"
}

alsa-2024:6947

Vulnerability from osv_almalinux

Published

2024-09-23 00:00

Modified

2024-09-24 09:31

Summary

Important: grafana security update

Details

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:6947	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://errata.almalinux.org/9/ALSA-2024-6947.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.2.10-17.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grafana-selinux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.2.10-17.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nSecurity Fix(es):\n\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:6947",
  "modified": "2024-09-24T09:31:38Z",
  "published": "2024-09-23T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:6947"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-6947.html"
    }
  ],
  "related": [
    "CVE-2024-34156"
  ],
  "summary": "Important: grafana security update"
}

alsa-2024:7135

Vulnerability from osv_almalinux

Published

2024-09-25 00:00

Modified

2024-09-26 06:10

Summary

Important: git-lfs security update

Details

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:7135	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://errata.almalinux.org/8/ALSA-2024-7135.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "git-lfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.1-3.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:7135",
  "modified": "2024-09-26T06:10:19Z",
  "published": "2024-09-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:7135"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-7135.html"
    }
  ],
  "related": [
    "CVE-2024-34156"
  ],
  "summary": "Important: git-lfs security update"
}

alsa-2024:7136

Vulnerability from osv_almalinux

Published

2024-09-25 00:00

Modified

2024-09-26 06:08

Summary

Important: git-lfs security update

Details

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:7136	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://errata.almalinux.org/9/ALSA-2024-7136.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "git-lfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.1-4.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:7136",
  "modified": "2024-09-26T06:08:12Z",
  "published": "2024-09-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:7136"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-7136.html"
    }
  ],
  "related": [
    "CVE-2024-34156"
  ],
  "summary": "Important: git-lfs security update"
}

alsa-2024:7204

Vulnerability from osv_almalinux

Published

2024-09-26 00:00

Modified

2024-09-27 09:50

Summary

Important: osbuild-composer security update

Details

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.

Security Fix(es):

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:7204	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://errata.almalinux.org/9/ALSA-2024-7204.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "osbuild-composer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "101-2.el9_4.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "osbuild-composer-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "101-2.el9_4.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "osbuild-composer-worker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "101-2.el9_4.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud.  It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:7204",
  "modified": "2024-09-27T09:50:28Z",
  "published": "2024-09-26T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:7204"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-7204.html"
    }
  ],
  "related": [
    "CVE-2024-34156"
  ],
  "summary": "Important: osbuild-composer security update"
}

alsa-2024:7262

Vulnerability from osv_almalinux

Published

2024-09-26 00:00

Modified

2024-09-27 07:24

Summary

Important: osbuild-composer security update

Details

Security Fix(es):

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:7262	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-1394	REPORT
	https://access.redhat.com/security/cve/CVE-2024-34156	REPORT
	https://bugzilla.redhat.com/2262921	REPORT
	https://bugzilla.redhat.com/2310528	REPORT
	https://errata.almalinux.org/8/ALSA-2024-7262.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "osbuild-composer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "101-2.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "osbuild-composer-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "101-2.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "osbuild-composer-worker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "101-2.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud.  It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:7262",
  "modified": "2024-09-27T07:24:20Z",
  "published": "2024-09-26T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:7262"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-1394"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2262921"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2310528"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-7262.html"
    }
  ],
  "related": [
    "CVE-2024-1394",
    "CVE-2024-34156"
  ],
  "summary": "Important: osbuild-composer security update"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-34156 (GCVE-0-2024-34156)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature