CVE-2024-24786

EUVD-2024-0879
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
golanggo
𝑥
< 1.33.0
ADP
Debian logo
Debian Releases
Debian Product
Codename
golang-google-protobuf
bookworm
no-dsa
bullseye
no-dsa
forky
1.36.7-1
fixed
sid
1.36.7-1
fixed
trixie
1.36.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-google-protobuf
focal
dne
jammy
needs-triage
mantic
ignored
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
google-guest-agent
bionic
needs-triage
focal
Fixed 20240213.00-0ubuntu4
released
jammy
Fixed 20231004.02-0ubuntu1~22.04.4
released
mantic
Fixed 20231004.02-0ubuntu1~23.10.3
released
noble
Fixed 20240213.00-0ubuntu3.1
released
oracular
Fixed 20240213.00-0ubuntu4
released
plucky
Fixed 20240213.00-0ubuntu4
released
questing
Fixed 20240213.00-0ubuntu4
released
xenial
needs-triage
google-osconfig-agent
bionic
needs-triage
focal
needs-triage
jammy
Fixed 20230504.00-0ubuntu1~22.04.1
released
mantic
Fixed 20230504.00-0ubuntu2.2
released
noble
Fixed 20240320.00-0ubuntu1~24.04.1
released
oracular
Fixed 20240320.00-0ubuntu2
released
plucky
Fixed 20240320.00-0ubuntu2
released
questing
Fixed 20240320.00-0ubuntu2
released
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
buildah
suse enterprise sap 15 SP5
1.35.4-150500.3.10.1
fixed
suse enterprise sap 15 SP6
1.35.4-150500.3.10.1
fixed
suse enterprise sap 15 SP7
1.35.4-150500.3.10.1
fixed
suse enterprise server 15 SP3
1.35.4-150300.8.25.1
fixed
suse enterprise server 15 SP4
1.35.4-150400.3.30.1
fixed
suse enterprise server 15 SP5
1.35.4-150500.3.10.1
fixed
suse enterprise server 15 SP6
1.35.4-150500.3.10.1
fixed
suse enterprise server 15 SP7
1.35.4-150500.3.10.1
fixed
podman
suse enterprise sap 15 SP5
4.9.5-150500.3.12.1
fixed
suse enterprise sap 15 SP6
4.9.5-150500.3.12.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.31.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.27.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.12.1
fixed
podman-docker
suse enterprise sap 15 SP5
4.9.5-150500.3.12.1
fixed
suse enterprise sap 15 SP6
4.9.5-150500.3.12.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.27.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.12.1
fixed
podman-remote
suse enterprise sap 15 SP5
4.9.5-150500.3.12.1
fixed
suse enterprise sap 15 SP6
4.9.5-150500.3.12.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.31.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.27.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.12.1
fixed
podmansh
suse enterprise sap 15 SP5
4.9.5-150500.3.12.1
fixed
suse enterprise sap 15 SP6
4.9.5-150500.3.12.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.12.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.12.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
buildah
RHEL 9
2:1.33.7-1.el9_4
fixed
buildah-tests
RHEL 9
2:1.33.7-1.el9_4
fixed
podman
RHEL 9
4:4.9.4-3.el9_4
fixed
podman-docker
RHEL 9
4:4.9.4-3.el9_4
fixed
podman-plugins
RHEL 9
4:4.9.4-3.el9_4
fixed
podman-remote
RHEL 9
4:4.9.4-3.el9_4
fixed
podman-tests
RHEL 9
4:4.9.4-3.el9_4
fixed
rhc-worker-script
RHEL 7
0:0.7-1.el7_9
fixed
skopeo
RHEL 9
2:1.14.3-2.el9_4
fixed
skopeo-tests
RHEL 9
2:1.14.3-2.el9_4
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
amazon-cloudwatch-agent
Amazon Linux 2
0:1.300039.0-1.amzn2
fixed
Amazon Linux 2023
0:1.300039.0-1.amzn2023
fixed
containerd
Amazon Linux 2023
0:1.7.20-1.amzn2023.0.1
fixed
containerd-debuginfo
Amazon Linux 2023
0:1.7.20-1.amzn2023.0.1
fixed
containerd-debugsource
Amazon Linux 2023
0:1.7.20-1.amzn2023.0.1
fixed
containerd-stress
Amazon Linux 2023
0:1.7.20-1.amzn2023.0.1
fixed
containerd-stress-debuginfo
Amazon Linux 2023
0:1.7.20-1.amzn2023.0.1
fixed
cri-tools
Amazon Linux 2
0:1.29.0-1.amzn2.0.2
fixed
cri-tools-debuginfo
Amazon Linux 2
0:1.29.0-1.amzn2.0.2
fixed
docker
Amazon Linux 2023
0:25.0.6-1.amzn2023.0.1
fixed
docker-debuginfo
Amazon Linux 2023
0:25.0.6-1.amzn2023.0.1
fixed
docker-debugsource
Amazon Linux 2023
0:25.0.6-1.amzn2023.0.1
fixed
nerdctl
Amazon Linux 2
0:1.7.6-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.7.6-1.amzn2023.0.1
fixed
nerdctl-debuginfo
Amazon Linux 2
0:1.7.6-1.amzn2.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
azcopy
Azure Linux 3.0
0:10.24.0-1.azl3
fixed
CBL-Mariner 2.0
0:10.24.0-1.cm2
fixed
blobfuse2
Azure Linux 3.0
0:2.3.0-1.azl3
fixed
CBL-Mariner 2.0
0:2.1.2-7.cm2
fixed
cert-manager
Azure Linux 3.0
0:1.12.12-1.azl3
fixed
CBL-Mariner 2.0
0:1.11.2-14.cm2
fixed
cf-cli
Azure Linux 3.0
0:8.7.3-3.azl3
fixed
CBL-Mariner 2.0
0:8.4.0-22.cm2
fixed
containerd
Azure Linux 3.0
0:1.7.13-5.azl3
fixed
containerized-data-importer
Azure Linux 3.0
0:1.57.0-6.azl3
fixed
coredns
Azure Linux 3.0
0:1.11.1-3.azl3
fixed
CBL-Mariner 2.0
0:1.11.1-12.cm2
fixed
cri-tools
Azure Linux 3.0
0:1.30.1-1.azl3
fixed
CBL-Mariner 2.0
0:1.29.0-5.cm2
fixed
docker-buildx
Azure Linux 3.0
0:0.14.0-1.azl3
fixed
docker-cli
Azure Linux 3.0
0:25.0.3-2.azl3
fixed
docker-compose
Azure Linux 3.0
0:2.27.0-1.azl3
fixed
etcd
Azure Linux 3.0
0:3.5.12-2.azl3
fixed
CBL-Mariner 2.0
0:3.5.12-6.cm2
fixed
flannel
Azure Linux 3.0
0:0.24.2-8.azl3
fixed
gh
Azure Linux 3.0
0:2.62.0-1.azl3
fixed
ig
Azure Linux 3.0
0:0.29.0-1.azl3
fixed
influxdb
Azure Linux 3.0
0:2.7.3-7.azl3
fixed
CBL-Mariner 2.0
0:2.6.1-18.cm2
fixed
kata-containers
Azure Linux 3.0
0:3.2.0.azl4-1.azl3
fixed
CBL-Mariner 2.0
0:3.2.0.azl2-1.cm2
fixed
kata-containers-cc
Azure Linux 3.0
0:3.2.0.azl4-1.azl3
fixed
CBL-Mariner 2.0
0:3.2.0.azl2-1.cm2
fixed
keda
Azure Linux 3.0
0:2.14.0-1.azl3
fixed
CBL-Mariner 2.0
0:2.4.0-24.cm2
fixed
kube-vip-cloud-provider
Azure Linux 3.0
0:0.0.10-1.azl3
fixed
kubernetes
Azure Linux 3.0
0:1.30.1-1.azl3
fixed
CBL-Mariner 2.0
0:0.0.0.cm2
fixed
kubevirt
Azure Linux 3.0
0:1.2.0-10.azl3
fixed
CBL-Mariner 2.0
0:0.59.0-17.cm2
fixed
libcontainers-common
Azure Linux 3.0
0:20240213-3.azl3
fixed
moby-buildx
CBL-Mariner 2.0
0:0.7.1-24.cm2
fixed
moby-cli
CBL-Mariner 2.0
0:24.0.9-6.cm2
fixed
moby-compose
CBL-Mariner 2.0
0:2.17.3-5.cm2
fixed
moby-containerd
CBL-Mariner 2.0
0:1.6.26-8.cm2
fixed
moby-containerd-cc
Azure Linux 3.0
0:1.7.7-5.azl3
fixed
CBL-Mariner 2.0
0:1.7.7-8.cm2
fixed
moby-engine
Azure Linux 3.0
0:25.0.3-7.azl3
fixed
CBL-Mariner 2.0
0:24.0.9-13.cm2
fixed
node-problem-detector
Azure Linux 3.0
0:0.8.15-2.azl3
fixed
CBL-Mariner 2.0
0:0.8.17-2.cm2
fixed
opa
Azure Linux 3.0
0:0.63.0-1.azl3
fixed
CBL-Mariner 2.0
0:0.63.0-1.cm2
fixed
packer
Azure Linux 3.0
0:1.9.5-3.azl3
fixed
CBL-Mariner 2.0
0:1.9.5-4.cm2
fixed
prometheus
Azure Linux 3.0
0:2.45.4-6.azl3
fixed
CBL-Mariner 2.0
0:2.37.9-1.cm2
fixed
prometheus-adapter
Azure Linux 3.0
0:0.12.0-1.azl3
fixed
CBL-Mariner 2.0
0:0.10.0-12.cm2
fixed
skopeo
Azure Linux 3.0
0:1.14.4-1.azl3
fixed
CBL-Mariner 2.0
0:1.14.2-9.cm2
fixed
sriov-network-device-plugin
CBL-Mariner 2.0
0:3.6.2-6.cm2
fixed
telegraf
Azure Linux 3.0
0:1.31.0-1.azl3
fixed
CBL-Mariner 2.0
0:1.29.4-8.cm2
fixed
terraform
CBL-Mariner 2.0
0:1.3.2-20.cm2
fixed
vitess
Azure Linux 3.0
0:19.0.4-2.azl3
fixed
CBL-Mariner 2.0
0:17.0.7-1.cm2
fixed