{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-24788", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2024-01-30T16:05:14.758Z", "datePublished": "2024-05-08T15:31:11.619Z", "dateUpdated": "2024-08-01T23:28:12.532Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2024-05-09T20:25:03.081Z"}, "title": "Malformed DNS message can cause infinite loop in net", "descriptions": [{"lang": "en", "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."}], "affected": [{"vendor": "Go standard library", "product": "net", "collectionURL": "https://pkg.go.dev", "packageName": "net", "versions": [{"version": "1.22.0-0", "lessThan": "1.22.3", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "extractExtendedRCode"}, {"name": "Dial"}, {"name": "DialTimeout"}, {"name": "Dialer.Dial"}, {"name": "Dialer.DialContext"}, {"name": "Listen"}, {"name": "ListenConfig.Listen"}, {"name": "ListenConfig.ListenPacket"}, {"name": "ListenPacket"}, {"name": "LookupAddr"}, {"name": "LookupCNAME"}, {"name": "LookupHost"}, {"name": "LookupIP"}, {"name": "LookupMX"}, {"name": "LookupNS"}, {"name": "LookupSRV"}, {"name": "LookupTXT"}, {"name": "ResolveIPAddr"}, {"name": "ResolveTCPAddr"}, {"name": "ResolveUDPAddr"}, {"name": "Resolver.LookupAddr"}, {"name": "Resolver.LookupCNAME"}, {"name": "Resolver.LookupHost"}, {"name": "Resolver.LookupIP"}, {"name": "Resolver.LookupIPAddr"}, {"name": "Resolver.LookupMX"}, {"name": "Resolver.LookupNS"}, {"name": "Resolver.LookupNetIP"}, {"name": "Resolver.LookupSRV"}, {"name": "Resolver.LookupTXT"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE 400: Uncontrolled Resource Consumption"}]}], "references": [{"url": "https://go.dev/issue/66754"}, {"url": "https://go.dev/cl/578375"}, {"url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"}, {"url": "https://pkg.go.dev/vuln/GO-2024-2824"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0002/"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0001/"}], "credits": [{"lang": "en", "value": "@long-name-let-people-remember-you"}, {"lang": "en", "value": "Mateusz Poliwczak"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T19:38:26.198197Z", "id": "CVE-2024-24788", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:40:33.056Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.532Z"}, "title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/66754", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/578375", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2024-2824", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/3", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0002/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0001/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/66754", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/578375", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2024-2824", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/3", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0002/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0001/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.532Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24788", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T19:38:26.198197Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:40:30.455Z"}}], "cna": {"title": "Malformed DNS message can cause infinite loop in net", "credits": [{"lang": "en", "value": "@long-name-let-people-remember-you"}, {"lang": "en", "value": "Mateusz Poliwczak"}], "affected": [{"vendor": "Go standard library", "product": "net", "versions": [{"status": "affected", "version": "1.22.0-0", "lessThan": "1.22.3", "versionType": "semver"}], "packageName": "net", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "extractExtendedRCode"}, {"name": "Dial"}, {"name": "DialTimeout"}, {"name": "Dialer.Dial"}, {"name": "Dialer.DialContext"}, {"name": "Listen"}, {"name": "ListenConfig.Listen"}, {"name": "ListenConfig.ListenPacket"}, {"name": "ListenPacket"}, {"name": "LookupAddr"}, {"name": "LookupCNAME"}, {"name": "LookupHost"}, {"name": "LookupIP"}, {"name": "LookupMX"}, {"name": "LookupNS"}, {"name": "LookupSRV"}, {"name": "LookupTXT"}, {"name": "ResolveIPAddr"}, {"name": "ResolveTCPAddr"}, {"name": "ResolveUDPAddr"}, {"name": "Resolver.LookupAddr"}, {"name": "Resolver.LookupCNAME"}, {"name": "Resolver.LookupHost"}, {"name": "Resolver.LookupIP"}, {"name": "Resolver.LookupIPAddr"}, {"name": "Resolver.LookupMX"}, {"name": "Resolver.LookupNS"}, {"name": "Resolver.LookupNetIP"}, {"name": "Resolver.LookupSRV"}, {"name": "Resolver.LookupTXT"}]}], "references": [{"url": "https://go.dev/issue/66754"}, {"url": "https://go.dev/cl/578375"}, {"url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"}, {"url": "https://pkg.go.dev/vuln/GO-2024-2824"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0002/"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0001/"}], "descriptions": [{"lang": "en", "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE 400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2024-05-09T20:25:03.081Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24788", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:28:12.532Z", "dateReserved": "2024-01-30T16:05:14.758Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2024-05-08T15:31:11.619Z", "assignerShortName": "Go"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."}, {"lang": "es", "value": "Un mensaje DNS con formato incorrecto en respuesta a una consulta puede hacer que las funciones de b\u00fasqueda se atasquen en un bucle infinito."}], "id": "CVE-2024-24788", "lastModified": "2024-06-14T13:15:50.670", "metrics": {}, "published": "2024-05-08T16:15:08.250", "references": [{"source": "security@golang.org", "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"}, {"source": "security@golang.org", "url": "https://go.dev/cl/578375"}, {"source": "security@golang.org", "url": "https://go.dev/issue/66754"}, {"source": "security@golang.org", "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"}, {"source": "security@golang.org", "url": "https://pkg.go.dev/vuln/GO-2024-2824"}, {"source": "security@golang.org", "url": "https://security.netapp.com/advisory/ntap-20240605-0002/"}, {"source": "security@golang.org", "url": "https://security.netapp.com/advisory/ntap-20240614-0001/"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:6221", "cpe": "cpe:/a:redhat:openshift_builds:1.1::el9", "package": "openshift-builds-waiters-container", "product_name": "Builds for Red Hat OpenShift", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6462", "cpe": "cpe:/a:redhat:cost_management:1::el8", "package": "costmanagement/costmanagement-metrics-operator-bundle:3.3.1-1", "product_name": "Cost Management for RHEL 8", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6462", "cpe": "cpe:/a:redhat:cost_management:1::el8", "package": "costmanagement/costmanagement-metrics-rhel8-operator:3.3.1-1", "product_name": "Cost Management for RHEL 8", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-db-rhel8:3.0.0-7", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-operator-bundle:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8:3.0.0-7", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-reports-rhel8:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-rhel8:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-rhel8-operator:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-storage-rhel8:3.0.0-7", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/jfr-datasource-rhel8:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4982", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", "package": "oadp/oadp-velero-rhel9:1.3.3-8", "product_name": "OADP-1.3-RHEL-9", "release_date": "2024-08-01T00:00:00Z"}, {"advisory": "RHSA-2024:6765", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "receptor-0:1.4.8-1.1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6765", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "receptor-0:1.4.8-1.1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:5291", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "grafana-0:9.2.10-17.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "openshift-clients-0:4.16.0-202407111006.p0.gfa84651.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "ose-aws-ecr-image-credential-provider-0:4.16.0-202407120242.p0.ga53e9de.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "ose-azure-acr-image-credential-provider-0:4.16.0-202407120242.p0.g0e95532.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "ose-gcp-gcr-image-credential-provider-0:4.16.0-202407120242.p0.g26b43df.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "skopeo-2:1.14.5-1.rhaos4.16.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/egress-router-cni-rhel9:v4.16.0-202407180206.p0.g7089efe.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/network-tools-rhel9:v4.16.0-202407150636.p0.g39eca10.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-api-server-rhel9:v4.16.0-202407181636.p0.g6b26a25.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-csr-approver-rhel9:v4.16.0-202407111006.p0.g373c87a.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-node-agent-rhel9:v4.16.0-202407180936.p0.g9ca7b58.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-utils-rhel9:v4.16.0-202407181636.p0.g6e6bb40.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-baremetal-installer-rhel9:v4.16.0-202407161206.p0.g41969e2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-baremetal-rhel9-operator:v4.16.0-202407101906.p0.gf7a6e7f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cli-artifacts-rhel9:v4.16.0-202407111006.p0.gfa84651.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cli-rhel9:v4.16.0-202407111006.p0.gfa84651.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cloud-credential-rhel9-operator:v4.16.0-202407142206.p0.gfffc75d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-ingress-rhel9-operator:v4.16.0-202407121806.p0.gaf5d3f6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-kube-apiserver-rhel9-operator:v4.16.0-202407101906.p0.g0afad8a.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-monitoring-rhel9-operator:v4.16.0-202407121106.p0.gcb3d884.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-network-rhel9-operator:v4.16.0-202407101706.p0.gdc0ef57.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-node-tuning-rhel9-operator:v4.16.0-202407150636.p0.g2bd8891.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-version-rhel9-operator:v4.16.0-202407111837.p0.g49b0f18.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-console-rhel9:v4.16.0-202407181806.p0.g897c0f7.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-console-rhel9-operator:v4.16.0-202407111306.p0.g595d9d4.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-docker-builder-rhel9:v4.16.0-202407150135.p0.g3b7a1b1.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-hypershift-rhel9:v4.16.0-202407181636.p0.g5a87f94.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel9:v4.16.0-202407101507.p0.g9571973.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel9-operator:v4.16.0-202407110607.p0.g72d41aa.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-installer-altinfra-rhel9:v4.16.0-202407161206.p0.g41969e2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-installer-artifacts-rhel9:v4.16.0-202407161505.p0.g41969e2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-installer-rhel9:v4.16.0-202407161505.p0.g41969e2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ironic-machine-os-downloader-rhel9:v4.16.0-202407150135.p0.g93b8b5f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-machine-config-rhel9-operator:v4.16.0-202407101706.p0.gd70a17f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-must-gather-rhel9:v4.16.0-202407111006.p0.gaea114c.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-openshift-controller-manager-rhel9:v4.16.0-202407161940.p0.gf0536ca.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-lifecycle-manager-rhel9:v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-registry-rhel9:v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ovn-kubernetes-rhel9:v4.16.0-202407111006.p0.g7f41283.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-prometheus-rhel9:v4.16.0-202407160436.p0.g54b1197.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-sdn-rhel9:v4.16.0-202407111006.p0.g5b658c4.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-tests-rhel9:v4.16.0-202407151406.p0.gac6867d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-tools-rhel9:v4.16.0-202407150636.p0.gfa84651.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:5547", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/cephcsi-rhel9:v4.16.1-3", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-istio-controller-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/func-utils-rhel8:1.33.1-1", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.33.1-1", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1-tech-preview/backstage-plugins-eventmesh-rhel8:1.33.1-1", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}], "bugzilla": {"description": "golang: net: malformed DNS message can cause infinite loop", "id": "2279814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-835", "details": ["A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.", "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-24788", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Affected", "package_name": "cryostat-20-tech-preview/cryostat-rhel8-operator", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8", "product_name": "Custom metric autoscaler Operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:workload_availability_fence_agents_remediation", "fix_state": "Affected", "package_name": "workload-availability/fence-agents-remediation-rhel8-operator", "product_name": "Fence Agents Remediation Operator"}, {"cpe": "cpe:/a:redhat:kube_descheduler_operator:5", "fix_state": "Affected", "package_name": "kube-descheduler-operator/descheduler-rhel9", "product_name": "Kube Descheduler Operator"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Will not fix", "package_name": "lvms4/topolvm-rhel9", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:workload_availability_machine_deletion_remediation", "fix_state": "Affected", "package_name": "workload-availability/machine-deletion-remediation-rhel8-operator", "product_name": "Machine Deletion Remediation Operator"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Affected", "package_name": "mta/mta-hub-rhel8", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Affected", "package_name": "mta/mta-cli-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Affected", "package_name": "rhmtc/openshift-migration-registry-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-api-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Affected", "package_name": "mirror-registry-container", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Will not fix", "package_name": "multicluster-engine/hive-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:network_bound_disk_encryption_tang:1", "fix_state": "Affected", "package_name": "tang-operator-container", "product_name": "NBDE Tang Server"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Not affected", "package_name": "network-observability/network-observability-rhel8-operator", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Affected", "package_name": "workload-availability/node-healthcheck-rhel8-operator", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability:4", "fix_state": "Affected", "package_name": "node-maintenance-operator-container", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "helm", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Not affected", "package_name": "ocp-tools-4/jenkins-rhel8", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Affected", "package_name": "run-once-duration-override-operator/run-once-duration-override-rhel8", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Affected", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Affected", "package_name": "openshift-serverless-clients", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:source_to_image:1", "fix_state": "Affected", "package_name": "source-to-image-container", "product_name": "OpenShift Source-to-Image (S2I) Builder Image"}, {"cpe": "cpe:/a:redhat:openshift_power_monitoring", "fix_state": "Affected", "package_name": "kepler-container", "product_name": "Power monitoring for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/subctl-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/a:redhat:certifications:1::el8", "fix_state": "Affected", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:certifications:1::el9", "fix_state": "Affected", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Affected", "package_name": "rhdh-hub-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:devtools:", "fix_state": "Affected", "package_name": "go-toolset-1.19-golang", "product_name": "Red Hat Developer Tools"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "container-tools:4.0/toolbox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "container-tools:rhel8/toolbox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "git-lfs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "go-toolset:rhel8/golang", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "go-toolset:rhel8/go-toolset", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "butane", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "git-lfs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "golang", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "runc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "skopeo", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "toolbox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "conmon-rs", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Under investigation", "package_name": "rhods/odh-operator-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Under investigation", "package_name": "rhods/odh-rhel8-operator", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/tempo-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "golang-qpid-apache", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "qpid-proton", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Will not fix", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Will not fix", "package_name": "golang-qpid-apache", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Will not fix", "package_name": "qpid-proton", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Affected", "package_name": "rhosp-rhel9/osp-director-agent", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Will not fix", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "ovn-operator-container", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:service_interconnect:1", "fix_state": "Will not fix", "package_name": "qpid-proton", "product_name": "Red Hat Service Interconnect 1"}, {"cpe": "cpe:/a:redhat:service_interconnect:1", "fix_state": "Affected", "package_name": "skupper-cli", "product_name": "Red Hat Service Interconnect 1"}, {"cpe": "cpe:/a:redhat:service_interconnect:1", "fix_state": "Will not fix", "package_name": "skupper-router", "product_name": "Red Hat Service Interconnect 1"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Under investigation", "package_name": "heketi", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:webterminal:1", "fix_state": "Affected", "package_name": "web-terminal-exec-container", "product_name": "Red Hat Web Terminal"}, {"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation", "fix_state": "Affected", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "fix_state": "Will not fix", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.5 for RHEL 8"}], "public_date": "2024-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-24788\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-24788\nhttps://pkg.go.dev/vuln/GO-2024-2824"], "threat_severity": "Moderate", "upstream_fix": "Go 1.22.3, Go 1.21.10"}