ALT-PU-2024-4734-2

Package buildah updated to version 1.35.2-alt1 for branch sisyphus in task 343761.

Уязвимость функции protojson.Unmarshal() пакета golang-google-protobuf языка программирования Golang, связанная с циклом с недостижимым условием выхода, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.9)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (5.4)Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

References:

CVE-2024-24786

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON

Severity: MEDIUM (6.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

References:

Version: 2.1.2

Package buildah update in sisyphus on 2024-03-29

ALT-PU-2024-4734-2

Closed vulnerabilities

BDU:2024-04111

CVE-2024-24786

GHSA-8r3f-844c-mc37