The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
History

Thu, 31 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_data_foundation:4.17::el9

Wed, 02 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el9

Tue, 01 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el8

Wed, 18 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Data Foundation
CPEs cpe:/a:redhat:openshift_data_foundation:4.16::el9
Vendors & Products Redhat openshift Data Foundation

Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
CPEs cpe:/a:redhat:openshift:4.16::el9
Vendors & Products Redhat openshift

Thu, 08 Aug 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat service Mesh
CPEs cpe:/a:redhat:service_mesh:2.6::el8
cpe:/a:redhat:service_mesh:2.6::el9
Vendors & Products Redhat service Mesh

Wed, 07 Aug 2024 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat network Observ Optr
CPEs cpe:/a:redhat:network_observ_optr:1.6.0::el9
Vendors & Products Redhat network Observ Optr

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published: 2024-06-05T15:13:51.938Z

Updated: 2024-08-01T23:28:12.584Z

Reserved: 2024-01-30T16:05:14.758Z

Link: CVE-2024-24789

cve-icon Vulnrichment

Updated: 2024-08-01T23:28:12.584Z

cve-icon NVD

Status : Modified

Published: 2024-06-05T16:15:10.470

Modified: 2024-07-03T01:48:25.510

Link: CVE-2024-24789

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-04T00:00:00Z

Links: CVE-2024-24789 - Bugzilla