Upstream information
CVE-2024-24786 at MITRE
Description
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
SUSE information
Overall state of this security issue: Analysis
The severity of this issue has not yet been set.
No SUSE Bugzilla entries cross referenced.
No SUSE Security Announcements cross referenced.
List of released packages
Product(s) | Fixed package version(s) | References |
openSUSE Tumbleweed | buildah >= 1.35.3-1.1
kubernetes1.26-apiserver >= 1.26.15-1.1
kubernetes1.26-client >= 1.26.15-1.1
kubernetes1.26-client-bash-completion >= 1.26.15-1.1
kubernetes1.26-client-common >= 1.26.15-1.1
kubernetes1.26-client-fish-completion >= 1.26.15-1.1
kubernetes1.26-controller-manager >= 1.26.15-1.1
kubernetes1.26-kubeadm >= 1.26.15-1.1
kubernetes1.26-kubelet >= 1.26.15-1.1
kubernetes1.26-kubelet-common >= 1.26.15-1.1
kubernetes1.26-proxy >= 1.26.15-1.1
kubernetes1.26-scheduler >= 1.26.15-1.1
kubernetes1.27-apiserver >= 1.27.12-1.1
kubernetes1.27-client >= 1.27.12-1.1
kubernetes1.27-client-bash-completion >= 1.27.12-1.1
kubernetes1.27-client-common >= 1.27.12-1.1
kubernetes1.27-client-fish-completion >= 1.27.12-1.1
kubernetes1.27-controller-manager >= 1.27.12-1.1
kubernetes1.27-kubeadm >= 1.27.12-1.1
kubernetes1.27-kubelet >= 1.27.12-1.1
kubernetes1.27-kubelet-common >= 1.27.12-1.1
kubernetes1.27-proxy >= 1.27.12-1.1
kubernetes1.27-scheduler >= 1.27.12-1.1
kubernetes1.28-apiserver >= 1.28.8-1.1
kubernetes1.28-client >= 1.28.8-1.1
kubernetes1.28-client-bash-completion >= 1.28.8-1.1
kubernetes1.28-client-common >= 1.28.8-1.1
kubernetes1.28-client-fish-completion >= 1.28.8-1.1
kubernetes1.28-controller-manager >= 1.28.8-1.1
kubernetes1.28-kubeadm >= 1.28.8-1.1
kubernetes1.28-kubelet >= 1.28.8-1.1
kubernetes1.28-kubelet-common >= 1.28.8-1.1
kubernetes1.28-proxy >= 1.28.8-1.1
kubernetes1.28-scheduler >= 1.28.8-1.1
kubernetes1.29-apiserver >= 1.29.3-1.1
kubernetes1.29-client >= 1.29.3-1.1
kubernetes1.29-client-bash-completion >= 1.29.3-1.1
kubernetes1.29-client-common >= 1.29.3-1.1
kubernetes1.29-client-fish-completion >= 1.29.3-1.1
kubernetes1.29-controller-manager >= 1.29.3-1.1
kubernetes1.29-kubeadm >= 1.29.3-1.1
kubernetes1.29-kubelet >= 1.29.3-1.1
kubernetes1.29-kubelet-common >= 1.29.3-1.1
kubernetes1.29-proxy >= 1.29.3-1.1
kubernetes1.29-scheduler >= 1.29.3-1.1
rclone >= 1.66.0-1.1
rclone-bash-completion >= 1.66.0-1.1
rclone-zsh-completion >= 1.66.0-1.1
| Patchnames:
openSUSE Tumbleweed GA buildah-1.35.3-1.1
openSUSE Tumbleweed GA kubernetes1.26-apiserver-1.26.15-1.1
openSUSE Tumbleweed GA kubernetes1.27-apiserver-1.27.12-1.1
openSUSE Tumbleweed GA kubernetes1.28-apiserver-1.28.8-1.1
openSUSE Tumbleweed GA kubernetes1.29-apiserver-1.29.3-1.1
openSUSE Tumbleweed GA rclone-1.66.0-1.1 |
SUSE Timeline for this CVE
CVE page created: Wed Mar 6 01:00:18 2024
CVE page last modified: Tue Apr 9 00:37:56 2024