{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-24788", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2024-01-30T16:05:14.758Z", "datePublished": "2024-05-08T15:31:11.619Z", "dateUpdated": "2025-02-13T17:40:27.179Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2024-06-14T13:06:06.195Z"}, "title": "Malformed DNS message can cause infinite loop in net", "descriptions": [{"lang": "en", "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."}], "affected": [{"vendor": "Go standard library", "product": "net", "collectionURL": "https://pkg.go.dev", "packageName": "net", "versions": [{"version": "1.22.0-0", "lessThan": "1.22.3", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "extractExtendedRCode"}, {"name": "Dial"}, {"name": "DialTimeout"}, {"name": "Dialer.Dial"}, {"name": "Dialer.DialContext"}, {"name": "Listen"}, {"name": "ListenConfig.Listen"}, {"name": "ListenConfig.ListenPacket"}, {"name": "ListenPacket"}, {"name": "LookupAddr"}, {"name": "LookupCNAME"}, {"name": "LookupHost"}, {"name": "LookupIP"}, {"name": "LookupMX"}, {"name": "LookupNS"}, {"name": "LookupSRV"}, {"name": "LookupTXT"}, {"name": "ResolveIPAddr"}, {"name": "ResolveTCPAddr"}, {"name": "ResolveUDPAddr"}, {"name": "Resolver.LookupAddr"}, {"name": "Resolver.LookupCNAME"}, {"name": "Resolver.LookupHost"}, {"name": "Resolver.LookupIP"}, {"name": "Resolver.LookupIPAddr"}, {"name": "Resolver.LookupMX"}, {"name": "Resolver.LookupNS"}, {"name": "Resolver.LookupNetIP"}, {"name": "Resolver.LookupSRV"}, {"name": "Resolver.LookupTXT"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE 400: Uncontrolled Resource Consumption"}]}], "references": [{"url": "https://go.dev/issue/66754"}, {"url": "https://go.dev/cl/578375"}, {"url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"}, {"url": "https://pkg.go.dev/vuln/GO-2024-2824"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0002/"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0001/"}], "credits": [{"lang": "en", "value": "@long-name-let-people-remember-you"}, {"lang": "en", "value": "Mateusz Poliwczak"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-835", "lang": "en", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T19:38:26.198197Z", "id": "CVE-2024-24788", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T15:42:56.985Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.532Z"}, "title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/66754", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/578375", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2024-2824", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/3", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0002/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0001/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/66754", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/578375", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2024-2824", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/3", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0002/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0001/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.532Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-24788", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T19:38:26.198197Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:40:30.455Z"}}], "cna": {"title": "Malformed DNS message can cause infinite loop in net", "credits": [{"lang": "en", "value": "@long-name-let-people-remember-you"}, {"lang": "en", "value": "Mateusz Poliwczak"}], "affected": [{"vendor": "Go standard library", "product": "net", "versions": [{"status": "affected", "version": "1.22.0-0", "lessThan": "1.22.3", "versionType": "semver"}], "packageName": "net", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "extractExtendedRCode"}, {"name": "Dial"}, {"name": "DialTimeout"}, {"name": "Dialer.Dial"}, {"name": "Dialer.DialContext"}, {"name": "Listen"}, {"name": "ListenConfig.Listen"}, {"name": "ListenConfig.ListenPacket"}, {"name": "ListenPacket"}, {"name": "LookupAddr"}, {"name": "LookupCNAME"}, {"name": "LookupHost"}, {"name": "LookupIP"}, {"name": "LookupMX"}, {"name": "LookupNS"}, {"name": "LookupSRV"}, {"name": "LookupTXT"}, {"name": "ResolveIPAddr"}, {"name": "ResolveTCPAddr"}, {"name": "ResolveUDPAddr"}, {"name": "Resolver.LookupAddr"}, {"name": "Resolver.LookupCNAME"}, {"name": "Resolver.LookupHost"}, {"name": "Resolver.LookupIP"}, {"name": "Resolver.LookupIPAddr"}, {"name": "Resolver.LookupMX"}, {"name": "Resolver.LookupNS"}, {"name": "Resolver.LookupNetIP"}, {"name": "Resolver.LookupSRV"}, {"name": "Resolver.LookupTXT"}]}], "references": [{"url": "https://go.dev/issue/66754"}, {"url": "https://go.dev/cl/578375"}, {"url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"}, {"url": "https://pkg.go.dev/vuln/GO-2024-2824"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"}, {"url": "https://security.netapp.com/advisory/ntap-20240605-0002/"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0001/"}], "descriptions": [{"lang": "en", "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE 400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2024-06-14T13:06:06.195Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24788", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:40:27.179Z", "dateReserved": "2024-01-30T16:05:14.758Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2024-05-08T15:31:11.619Z", "assignerShortName": "Go"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."}, {"lang": "es", "value": "Un mensaje DNS con formato incorrecto en respuesta a una consulta puede hacer que las funciones de b\u00fasqueda se atasquen en un bucle infinito."}], "id": "CVE-2024-24788", "lastModified": "2024-11-21T16:15:22.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-08T16:15:08.250", "references": [{"source": "security@golang.org", "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"}, {"source": "security@golang.org", "url": "https://go.dev/cl/578375"}, {"source": "security@golang.org", "url": "https://go.dev/issue/66754"}, {"source": "security@golang.org", "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"}, {"source": "security@golang.org", "url": "https://pkg.go.dev/vuln/GO-2024-2824"}, {"source": "security@golang.org", "url": "https://security.netapp.com/advisory/ntap-20240605-0002/"}, {"source": "security@golang.org", "url": "https://security.netapp.com/advisory/ntap-20240614-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://go.dev/cl/578375"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://go.dev/issue/66754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://pkg.go.dev/vuln/GO-2024-2824"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240605-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240614-0001/"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6221", "cpe": "cpe:/a:redhat:openshift_builds:1.1::el9", "package": "openshift-builds-waiters-container", "product_name": "Builds for Red Hat OpenShift", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6462", "cpe": "cpe:/a:redhat:cost_management:1::el8", "package": "costmanagement/costmanagement-metrics-operator-bundle:3.3.1-1", "product_name": "Cost Management for RHEL 8", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6462", "cpe": "cpe:/a:redhat:cost_management:1::el8", "package": "costmanagement/costmanagement-metrics-rhel8-operator:3.3.1-1", "product_name": "Cost Management for RHEL 8", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-db-rhel8:3.0.0-7", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-operator-bundle:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8:3.0.0-7", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-reports-rhel8:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-rhel8:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-rhel8-operator:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-storage-rhel8:3.0.0-7", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:4697", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/jfr-datasource-rhel8:3.0.0-6", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-07-22T00:00:00Z"}, {"advisory": "RHSA-2024:6341", "cpe": "cpe:/a:redhat:kube_descheduler_operator:5.1::el9", "package": "kube-descheduler-operator/descheduler-rhel9:v5.1-17", "product_name": "KDO-5.1-RHEL-9", "release_date": "2024-10-23T00:00:00Z"}, {"advisory": "RHSA-2024:6341", "cpe": "cpe:/a:redhat:kube_descheduler_operator:5.1::el9", "package": "kube-descheduler-operator/kube-descheduler-operator-bundle:v5.1-16", "product_name": "KDO-5.1-RHEL-9", "release_date": "2024-10-23T00:00:00Z"}, {"advisory": "RHSA-2024:6341", "cpe": "cpe:/a:redhat:kube_descheduler_operator:5.1::el9", "package": "kube-descheduler-operator/kube-descheduler-rhel9-operator:v5.1-17", "product_name": "KDO-5.1-RHEL-9", "release_date": "2024-10-23T00:00:00Z"}, {"advisory": "RHSA-2024:4982", "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.3::el9", "package": "oadp/oadp-velero-rhel9:1.3.3-8", "product_name": "OADP-1.3-RHEL-9", "release_date": "2024-08-01T00:00:00Z"}, {"advisory": "RHEA-2024:7866", "cpe": "cpe:/a:redhat:openshift_pipelines:1.16::el8", "package": "openshift-pipelines-client-0:1.16.0-11647.el8", "product_name": "OpenShift-Pipelines-1.16-RHEL-8", "release_date": "2024-10-09T00:00:00Z"}, {"advisory": "RHSA-2024:6765", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "receptor-0:1.4.8-1.1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6765", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "receptor-0:1.4.8-1.1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2025:9776", "cpe": "cpe:/a:redhat:ceph_storage:8.1::el9", "package": "rhceph/grafana-rhel9:11.5.2-6", "product_name": "Red Hat Ceph Storage 8.1", "release_date": "2025-06-26T00:00:00Z"}, {"advisory": "RHSA-2025:9776", "cpe": "cpe:/a:redhat:ceph_storage:8.1::el9", "package": "rhceph/keepalived-rhel9:2.2.8-65", "product_name": "Red Hat Ceph Storage 8.1", "release_date": "2025-06-26T00:00:00Z"}, {"advisory": "RHSA-2025:9776", "cpe": "cpe:/a:redhat:ceph_storage:8.1::el9", "package": "rhceph/oauth2-proxy-rhel9:v7.6.0-27", "product_name": "Red Hat Ceph Storage 8.1", "release_date": "2025-06-26T00:00:00Z"}, {"advisory": "RHSA-2025:9776", "cpe": "cpe:/a:redhat:ceph_storage:8.1::el9", "package": "rhceph/rhceph-8-rhel9:8-492", "product_name": "Red Hat Ceph Storage 8.1", "release_date": "2025-06-26T00:00:00Z"}, {"advisory": "RHSA-2025:9776", "cpe": "cpe:/a:redhat:ceph_storage:8.1::el9", "package": "rhceph/rhceph-haproxy-rhel9:2.4.22-67", "product_name": "Red Hat Ceph Storage 8.1", "release_date": "2025-06-26T00:00:00Z"}, {"advisory": "RHSA-2025:9776", "cpe": "cpe:/a:redhat:ceph_storage:8.1::el9", "package": "rhceph/rhceph-promtail-rhel9:v3.0.0-34", "product_name": "Red Hat Ceph Storage 8.1", "release_date": "2025-06-26T00:00:00Z"}, {"advisory": "RHSA-2025:9776", "cpe": "cpe:/a:redhat:ceph_storage:8.1::el9", "package": "rhceph/snmp-notifier-rhel9:1.2.1-115", "product_name": "Red Hat Ceph Storage 8.1", "release_date": "2025-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:5291", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "grafana-0:9.2.10-17.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:6969", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8100020240913121423.afee755d", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHBA-2024:3840", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "golang-0:1.21.10-1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-11T00:00:00Z"}, {"advisory": "RHSA-2024:9089", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "containernetworking-plugins-1:1.5.1-2.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9098", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "skopeo-2:1.16.1-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9115", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "grafana-0:10.2.6-4.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9135", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "toolbox-0:0.0.99.5-5.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9200", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "runc-4:1.1.13-4.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9277", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "oci-seccomp-bpf-hook-0:1.2.10-2.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2025:7256", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "git-lfs-0:3.6.1-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2024:7164", "cpe": "cpe:/a:redhat:rhmt:1.8::el8", "package": "rhmtc/openshift-migration-registry-rhel8:v1.8.4-11", "product_name": "Red Hat Migration Toolkit for Containers 1.8", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "openshift-clients-0:4.16.0-202407111006.p0.gfa84651.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "ose-aws-ecr-image-credential-provider-0:4.16.0-202407120242.p0.ga53e9de.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "ose-azure-acr-image-credential-provider-0:4.16.0-202407120242.p0.g0e95532.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "ose-gcp-gcr-image-credential-provider-0:4.16.0-202407120242.p0.g26b43df.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4616", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "skopeo-2:1.14.5-1.rhaos4.16.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/egress-router-cni-rhel9:v4.16.0-202407180206.p0.g7089efe.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/network-tools-rhel9:v4.16.0-202407150636.p0.g39eca10.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-api-server-rhel9:v4.16.0-202407181636.p0.g6b26a25.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-csr-approver-rhel9:v4.16.0-202407111006.p0.g373c87a.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-node-agent-rhel9:v4.16.0-202407180936.p0.g9ca7b58.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-agent-installer-utils-rhel9:v4.16.0-202407181636.p0.g6e6bb40.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-baremetal-installer-rhel9:v4.16.0-202407161206.p0.g41969e2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-baremetal-rhel9-operator:v4.16.0-202407101906.p0.gf7a6e7f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cli-artifacts-rhel9:v4.16.0-202407111006.p0.gfa84651.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cli-rhel9:v4.16.0-202407111006.p0.gfa84651.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cloud-credential-rhel9-operator:v4.16.0-202407142206.p0.gfffc75d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-ingress-rhel9-operator:v4.16.0-202407121806.p0.gaf5d3f6.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-kube-apiserver-rhel9-operator:v4.16.0-202407101906.p0.g0afad8a.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-monitoring-rhel9-operator:v4.16.0-202407121106.p0.gcb3d884.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-network-rhel9-operator:v4.16.0-202407101706.p0.gdc0ef57.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-node-tuning-rhel9-operator:v4.16.0-202407150636.p0.g2bd8891.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-cluster-version-rhel9-operator:v4.16.0-202407111837.p0.g49b0f18.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-console-rhel9:v4.16.0-202407181806.p0.g897c0f7.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-console-rhel9-operator:v4.16.0-202407111306.p0.g595d9d4.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-docker-builder-rhel9:v4.16.0-202407150135.p0.g3b7a1b1.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-hypershift-rhel9:v4.16.0-202407181636.p0.g5a87f94.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel9:v4.16.0-202407101507.p0.g9571973.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ibm-vpc-block-csi-driver-rhel9-operator:v4.16.0-202407110607.p0.g72d41aa.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-installer-altinfra-rhel9:v4.16.0-202407161206.p0.g41969e2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-installer-artifacts-rhel9:v4.16.0-202407161505.p0.g41969e2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-installer-rhel9:v4.16.0-202407161505.p0.g41969e2.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ironic-machine-os-downloader-rhel9:v4.16.0-202407150135.p0.g93b8b5f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-machine-config-rhel9-operator:v4.16.0-202407101706.p0.gd70a17f.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-must-gather-rhel9:v4.16.0-202407111006.p0.gaea114c.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-openshift-controller-manager-rhel9:v4.16.0-202407161940.p0.gf0536ca.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-lifecycle-manager-rhel9:v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-registry-rhel9:v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ovn-kubernetes-rhel9:v4.16.0-202407111006.p0.g7f41283.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-prometheus-rhel9:v4.16.0-202407160436.p0.g54b1197.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-sdn-rhel9:v4.16.0-202407111006.p0.g5b658c4.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-tests-rhel9:v4.16.0-202407151406.p0.gac6867d.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-tools-rhel9:v4.16.0-202407150636.p0.gfa84651.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4613", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "redhat/redhat-operator-index:v4.16.0-202407171536.p0.g1551101.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/barbican-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/cinder-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/designate-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/glance-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/heat-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/horizon-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/infra-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/ironic-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/keystone-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/manila-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/mariadb-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/neutron-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/nova-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/octavia-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/openstack-baremetal-agent-rhel9:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/openstack-baremetal-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/openstack-must-gather-rhel9:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/openstack-rhel9-operator:1.0.4-6", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/ovn-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/placement-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/rabbitmq-cluster-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/sg-core-rhel9:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/swift-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/telemetry-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9485", "cpe": "cpe:/a:redhat:openstack_podified:1.0::el9", "package": "rhoso-operators/test-rhel9-operator:1.0.4-4", "product_name": "Red Hat OpenStack Services on OpenShift PODIFIED 1.0", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:5547", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/cephcsi-rhel9:v4.16.1-3", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-08-19T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/client-kn-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-controller-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-istio-controller-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-mtping-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/eventing-webhook-rhel8:1.12.0-7", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/func-utils-rhel8:1.33.1-1", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/ingress-rhel8-operator:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/knative-rhel8-operator:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/kn-cli-artifacts-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/kourier-control-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/net-istio-controller-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/net-istio-webhook-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serverless-operator-bundle:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serverless-rhel8-operator:1.33.1-2", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-activator-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-autoscaler-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-controller-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-queue-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-storage-version-migration-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/serving-webhook-rhel8:1.12.0-5", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1/svls-must-gather-rhel8:1.33.1-1", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1-tech-preview/backstage-plugins-eventmesh-rhel8:1.33.1-1", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4872", "cpe": "cpe:/a:redhat:openshift_serverless:1.33::el8", "package": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.12.0-6", "product_name": "RHOSS-1.33-RHEL-8", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:7548", "cpe": "cpe:/a:redhat:run_once_duration_override_operator:1.2::el9", "package": "run-once-duration-override-operator/run-once-duration-override-operator-bundle:v1.2-7", "product_name": "RODOO-1.2-RHEL-9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:7548", "cpe": "cpe:/a:redhat:run_once_duration_override_operator:1.2::el9", "package": "run-once-duration-override-operator/run-once-duration-override-rhel9:v1.2-8", "product_name": "RODOO-1.2-RHEL-9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:7548", "cpe": "cpe:/a:redhat:run_once_duration_override_operator:1.2::el9", "package": "run-once-duration-override-operator/run-once-duration-override-rhel9-operator:v1.2-8", "product_name": "RODOO-1.2-RHEL-9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:5013", "cpe": "cpe:/a:redhat:openshift_builds:1.1::el9", "package": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9:sha256:4bd4dbe6aa6c06551763738b24c43e992b336dfae6c05728fc980ee0291b0ac6", "product_name": "Builds for Red Hat OpenShift 1.1.1", "release_date": "2024-08-05T00:00:00Z"}], "bugzilla": {"description": "golang: net: malformed DNS message can cause infinite loop", "id": "2279814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-835", "details": ["A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.", "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-24788", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Not affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Affected", "package_name": "cryostat-tech-preview/cryostat-rhel8-operator", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8", "product_name": "Custom Metric Autoscaler operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:workload_availability_fence_agents_remediation", "fix_state": "Will not fix", "package_name": "workload-availability/fence-agents-remediation-rhel8-operator", "product_name": "Fence Agents Remediation Operator"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:lvms:4", "fix_state": "Will not fix", "package_name": "lvms4/topolvm-rhel9", "product_name": "Logical Volume Manager Storage"}, {"cpe": "cpe:/a:redhat:workload_availability_machine_deletion_remediation", "fix_state": "Affected", "package_name": "workload-availability/machine-deletion-remediation-rhel8-operator", "product_name": "Machine Deletion Remediation Operator"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Will not fix", "package_name": "mta/mta-hub-rhel8", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Will not fix", "package_name": "mta/mta-cli-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-api-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Affected", "package_name": "mirror-registry-container", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Will not fix", "package_name": "multicluster-engine/hive-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:network_bound_disk_encryption_tang:1", "fix_state": "Will not fix", "package_name": "tang-operator-container", "product_name": "NBDE Tang Server"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Not affected", "package_name": "network-observability/network-observability-rhel9-operator", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Will not fix", "package_name": "workload-availability/node-healthcheck-rhel8-operator", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nmo:5", "fix_state": "Will not fix", "package_name": "workload-availability/node-maintenance-rhel8-operator", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "helm", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Not affected", "package_name": "ocp-tools-4/jenkins-rhel8", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Affected", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Affected", "package_name": "openshift-serverless-clients", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:source_to_image:1", "fix_state": "Affected", "package_name": "source-to-image-container", "product_name": "OpenShift Source-to-Image (S2I)"}, {"cpe": "cpe:/a:redhat:openshift_power_monitoring", "fix_state": "Will not fix", "package_name": "kepler-container", "product_name": "Power monitoring for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Will not fix", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/subctl-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/a:redhat:certifications:1::el8", "fix_state": "Affected", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:certifications:1::el9", "fix_state": "Affected", "package_name": "redhat-certification-preflight", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:devtools:", "fix_state": "Affected", "package_name": "go-toolset-1.19-golang", "product_name": "Red Hat Developer Tools"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "butane", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "delve", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "golang", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "golang-github-openprinting-ipp-usb", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "gvisor-tap-vsock", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "skopeo", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "toolbox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "container-tools:4.0/toolbox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "git-lfs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "go-toolset:rhel8/golang", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "go-toolset:rhel8/go-toolset", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "butane", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "conmon-rs", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Affected", "package_name": "rhosdt/tempo-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/tempo-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "openshift-sandboxed-containers/osc-rhel8-operator", "product_name": "Red Hat Openshift Sandboxed Containers"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "golang-qpid-apache", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "qpid-proton", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Will not fix", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Will not fix", "package_name": "golang-qpid-apache", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Will not fix", "package_name": "qpid-proton", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Affected", "package_name": "rhosp-rhel9/osp-director-agent", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Will not fix", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "ovn-operator-container", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:service_interconnect:1", "fix_state": "Will not fix", "package_name": "qpid-proton", "product_name": "Red Hat Service Interconnect 1"}, {"cpe": "cpe:/a:redhat:service_interconnect:1", "fix_state": "Affected", "package_name": "skupper-cli", "product_name": "Red Hat Service Interconnect 1"}, {"cpe": "cpe:/a:redhat:service_interconnect:1", "fix_state": "Will not fix", "package_name": "skupper-router", "product_name": "Red Hat Service Interconnect 1"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:webterminal:1", "fix_state": "Affected", "package_name": "web-terminal-exec-container", "product_name": "Red Hat Web Terminal"}, {"cpe": "cpe:/a:redhat:workload_availability_snr:0", "fix_state": "Will not fix", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}, {"cpe": "cpe:/a:redhat:stf:1.5", "fix_state": "Will not fix", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.5"}], "public_date": "2024-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-24788\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-24788\nhttps://pkg.go.dev/vuln/GO-2024-2824"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform enforces hardening guidelines to ensure the most restrictive setting needed for operational requirements. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, enabling capabilities like excessive CPU usage, long execution times, or processes consuming abnormal amounts of memory. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, preventing infinite loops caused by malformed or unexpected input, such as unbounded user input or unexpected null values that cause loops to never terminate. In the event of successful exploitation, process isolation limits the effect of an infinite loop to a single process rather than allowing it to consume all system resources.", "threat_severity": "Moderate"}

{}