{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34156", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2024-05-01T18:45:34.846Z", "datePublished": "2024-09-06T20:42:42.661Z", "dateUpdated": "2024-09-26T15:03:08.203Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2024-09-06T20:42:42.661Z"}, "title": "Stack exhaustion in Decoder.Decode in encoding/gob", "descriptions": [{"lang": "en", "value": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."}], "affected": [{"vendor": "Go standard library", "product": "encoding/gob", "collectionURL": "https://pkg.go.dev", "packageName": "encoding/gob", "versions": [{"version": "0", "lessThan": "1.22.7", "status": "affected", "versionType": "semver"}, {"version": "1.23.0-0", "lessThan": "1.23.1", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "Decoder.decIgnoreOpFor"}, {"name": "Decoder.Decode"}, {"name": "Decoder.DecodeValue"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-674: Uncontrolled Recursion"}]}], "references": [{"url": "https://go.dev/cl/611239"}, {"url": "https://go.dev/issue/69139"}, {"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"}, {"url": "https://pkg.go.dev/vuln/GO-2024-3106"}], "credits": [{"lang": "en", "value": "Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)"}]}, "adp": [{"affected": [{"vendor": "go_standard_library", "product": "encoding\\/gob", "cpes": ["cpe:2.3:a:go_standard_library:encoding\\/gob:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.22.7", "versionType": "semver"}, {"version": "1.23.0-0", "status": "affected", "lessThan": "1.23.1", "versionType": "semver"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T14:04:16.338747Z", "id": "CVE-2024-34156", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T14:29:46.867Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240926-0004/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-26T15:03:08.203Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240926-0004/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-26T15:03:08.203Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34156", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T14:04:16.338747Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:go_standard_library:encoding\\/gob:*:*:*:*:*:*:*:*"], "vendor": "go_standard_library", "product": "encoding\\/gob", "versions": [{"status": "affected", "version": "0", "lessThan": "1.22.7", "versionType": "semver"}, {"status": "affected", "version": "1.23.0-0", "lessThan": "1.23.1", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T14:06:46.233Z"}}], "cna": {"title": "Stack exhaustion in Decoder.Decode in encoding/gob", "credits": [{"lang": "en", "value": "Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)"}], "affected": [{"vendor": "Go standard library", "product": "encoding/gob", "versions": [{"status": "affected", "version": "0", "lessThan": "1.22.7", "versionType": "semver"}, {"status": "affected", "version": "1.23.0-0", "lessThan": "1.23.1", "versionType": "semver"}], "packageName": "encoding/gob", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "Decoder.decIgnoreOpFor"}, {"name": "Decoder.Decode"}, {"name": "Decoder.DecodeValue"}]}], "references": [{"url": "https://go.dev/cl/611239"}, {"url": "https://go.dev/issue/69139"}, {"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"}, {"url": "https://pkg.go.dev/vuln/GO-2024-3106"}], "descriptions": [{"lang": "en", "value": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-674: Uncontrolled Recursion"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2024-09-06T20:42:42.661Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34156", "state": "PUBLISHED", "dateUpdated": "2024-09-26T15:03:08.203Z", "dateReserved": "2024-05-01T18:45:34.846Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2024-09-06T20:42:42.661Z", "assignerShortName": "Go"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."}, {"lang": "es", "value": "Llamar a Decoder.Decode en un mensaje que contiene estructuras profundamente anidadas puede provocar un p\u00e1nico debido al agotamiento de la pila. Esta es una continuaci\u00f3n de CVE-2022-30635."}], "id": "CVE-2024-34156", "lastModified": "2024-09-09T15:35:07.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-06T21:15:12.020", "references": [{"source": "security@golang.org", "url": "https://go.dev/cl/611239"}, {"source": "security@golang.org", "url": "https://go.dev/issue/69139"}, {"source": "security@golang.org", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"}, {"source": "security@golang.org", "url": "https://pkg.go.dev/vuln/GO-2024-3106"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:6908", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "go-toolset:rhel8-8100020240918165244.a3795dee", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-23T00:00:00Z"}, {"advisory": "RHSA-2024:7135", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "git-lfs-0:3.4.1-3.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-25T00:00:00Z"}, {"advisory": "RHSA-2024:7262", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "osbuild-composer-0:101-2.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7205", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "osbuild-composer-0:28.7-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7205", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "osbuild-composer-0:28.7-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7205", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "osbuild-composer-0:28.7-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7261", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "osbuild-composer-0:46.3-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7261", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "osbuild-composer-0:46.3-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7261", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "osbuild-composer-0:46.3-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:6912", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "go-toolset:rhel8-8080020240916183629.6b4b45d8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-23T00:00:00Z"}, {"advisory": "RHSA-2024:7206", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "osbuild-composer-0:75-2.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:6913", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "golang-0:1.21.13-3.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-23T00:00:00Z"}, {"advisory": "RHSA-2024:6946", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "grafana-pcp-0:5.1.1-3.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-23T00:00:00Z"}, {"advisory": "RHSA-2024:6947", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "grafana-0:9.2.10-17.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-23T00:00:00Z"}, {"advisory": "RHSA-2024:7136", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "git-lfs-0:3.4.1-4.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-25T00:00:00Z"}, {"advisory": "RHSA-2024:7204", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "osbuild-composer-0:101-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7102", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "grafana-0:7.5.11-7.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-25T00:00:00Z"}, {"advisory": "RHSA-2024:7103", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "grafana-pcp-0:3.2.0-3.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-25T00:00:00Z"}, {"advisory": "RHSA-2024:7208", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "osbuild-composer-0:46.3-2.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:6914", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "golang-0:1.19.13-12.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-23T00:00:00Z"}, {"advisory": "RHSA-2024:7202", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "grafana-0:9.0.9-5.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7203", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "git-lfs-0:3.2.0-2.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7207", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "osbuild-composer-0:76-3.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-26T00:00:00Z"}], "bugzilla": {"description": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "id": "2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-674", "details": ["Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-34156", "package_state": [{"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Affected", "package_name": "openshift-builds/openshift-builds-waiters-rhel8", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Affected", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cryostat:3", "fix_state": "Affected", "package_name": "cryostat-tech-preview/cryostat-storage-rhel8", "product_name": "Cryostat 3"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Affected", "package_name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8", "product_name": "Custom metric autoscaler Operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Affected", "package_name": "mta/mta-hub-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Affected", "package_name": "rhmtc/openshift-migration-controller-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-api-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Affected", "package_name": "multicluster-engine/hive-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Affected", "package_name": "network-observability/network-observability-ebpf-agent-rhel8", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability:4", "fix_state": "Affected", "package_name": "node-maintenance-operator-container", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Affected", "package_name": "oadp/oadp-velero-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-clients", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/subctl-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "aap-cloud-ui-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/a:redhat:hybrid_cloud_gateway:1::el9", "fix_state": "Affected", "package_name": "dns-operator-container", "product_name": "Red Hat Connectivity Link"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ignition", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "opentelemetry-collector", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "skopeo", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "odh-operator-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "buildah", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "skopeo", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Affected", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-operator-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-rhel8-operator", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_service_on_aws:1", "fix_state": "Affected", "package_name": "rosa", "product_name": "Red Hat OpenShift on AWS"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Affected", "package_name": "osc-podvm-builder-container", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "nova-operator-container", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:service_interconnect:1", "fix_state": "Affected", "package_name": "skupper-cli", "product_name": "Red Hat Service Interconnect 1"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "heketi", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation", "fix_state": "Affected", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Affected", "package_name": "golang-github-danielqsj-kafka_exporter", "product_name": "streams for Apache Kafka"}], "public_date": "2024-09-06T21:15:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-34156\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-34156\nhttps://go.dev/cl/611239\nhttps://go.dev/issue/69139\nhttps://groups.google.com/g/golang-dev/c/S9POB9NCTdk\nhttps://pkg.go.dev/vuln/GO-2024-3106"], "statement": "This vulnerability in Go's `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.", "threat_severity": "Important"}