CVE-2024-34156 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 54%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
go_standard_library	encoding\/gob	𝑥 < 1.22.7	ADP
go_standard_library	encoding\/gob	1.23.0-0 ≤ 𝑥 < 1.23.1	ADP

Debian Releases

Debian Product

Codename

golang-1.15

bookworm	no-dsa
bullseye	vulnerable

golang-1.19

bookworm	vulnerable
bullseye	postponed

Ubuntu Releases

Ubuntu Product

Codename

golang

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

golang-1.6

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
xenial	needs-triage

golang-1.8

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

golang-1.9

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

golang-1.10

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
trusty	needs-triage
xenial	needs-triage

golang-1.13

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne
plucky	dne
questing	dne
xenial	needs-triage

golang-1.14

focal	needs-triage
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

golang-1.16

bionic	needs-triage
focal	needs-triage
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

golang-1.17

focal	dne
jammy	Fixed 1.17.13-3ubuntu1.3 released
noble	dne
oracular	dne
plucky	dne
questing	dne

golang-1.18

bionic	Fixed 1.18.1-1ubuntu1~18.04.4+esm1 released
focal	Fixed 1.18.1-1ubuntu1~20.04.3 released
jammy	Fixed 1.18.1-1ubuntu1.2 released
noble	dne
oracular	dne
plucky	dne
questing	dne
xenial	Fixed 1.18.1-1ubuntu1~16.04.6+esm1 released

golang-1.19

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne

golang-1.20

focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne
plucky	dne
questing	dne

golang-1.21

focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	dne
plucky	dne
questing	dne

golang-1.22

focal	Fixed 1.22.2-2~20.04.2 released
jammy	Fixed 1.22.2-2~22.04.2 released
noble	Fixed 1.22.2-2ubuntu0.3 released
oracular	not-affected
plucky	dne
questing	dne

Red Hat Enterprise Linux Releases

Red Hat Product

Release

buildah

RHEL 9

2:1.37.5-1.el9_5

fixed

buildah-tests

RHEL 9

2:1.37.5-1.el9_5

fixed

containernetworking-plugins

RHEL 9

1:1.4.0-6.el9_4

fixed

delve

RHEL 9

0:1.24.1-2.el9_5

fixed

git-lfs

RHEL 9

0:3.4.1-4.el9_4

fixed

go-toolset

RHEL 9

0:1.23.6-2.el9_5

fixed

golang

RHEL 9

0:1.23.6-2.el9_5

fixed

golang-bin

RHEL 9

0:1.23.6-2.el9_5

fixed

golang-docs

RHEL 9

0:1.23.6-2.el9_5

fixed

golang-misc

RHEL 9

0:1.23.6-2.el9_5

fixed

golang-race

RHEL 9

0:1.23.6-2.el9_5

fixed

golang-src

RHEL 9

0:1.23.6-2.el9_5

fixed

golang-tests

RHEL 9

0:1.23.6-2.el9_5

fixed

grafana

RHEL 9

0:10.2.6-7.el9_5

fixed

grafana-pcp

RHEL 9

0:5.1.1-9.el9_5

fixed

grafana-selinux

RHEL 9

0:10.2.6-7.el9_5

fixed

osbuild-composer

RHEL 8	0:101-2.el8_10 fixed
RHEL 8.4 AUS	0:28.7-2.el8_4 fixed
RHEL 8.4 E4S	0:28.7-2.el8_4 fixed
RHEL 8.4 TUS	0:28.7-2.el8_4 fixed
RHEL 8.6 AUS	0:46.3-2.el8_6 fixed
RHEL 8.6 E4S	0:46.3-2.el8_6 fixed
RHEL 8.6 TUS	0:46.3-2.el8_6 fixed
RHEL 8.8 AUS	0:75-2.el8_8 fixed
RHEL 8.8 E4S	0:75-2.el8_8 fixed
RHEL 8.8 EUS	0:75-2.el8_8 fixed
RHEL 8.8 TUS	0:75-2.el8_8 fixed
RHEL 9	0:118-2.el9_5 fixed

osbuild-composer-core

RHEL 8	0:101-2.el8_10 fixed
RHEL 8.4 AUS	0:28.7-2.el8_4 fixed
RHEL 8.4 E4S	0:28.7-2.el8_4 fixed
RHEL 8.4 TUS	0:28.7-2.el8_4 fixed
RHEL 8.6 AUS	0:46.3-2.el8_6 fixed
RHEL 8.6 E4S	0:46.3-2.el8_6 fixed
RHEL 8.6 TUS	0:46.3-2.el8_6 fixed
RHEL 8.8 AUS	0:75-2.el8_8 fixed
RHEL 8.8 E4S	0:75-2.el8_8 fixed
RHEL 8.8 EUS	0:75-2.el8_8 fixed
RHEL 8.8 TUS	0:75-2.el8_8 fixed
RHEL 9	0:118-2.el9_5 fixed

osbuild-composer-dnf-json

RHEL 8.6 AUS	0:46.3-2.el8_6 fixed
RHEL 8.6 E4S	0:46.3-2.el8_6 fixed
RHEL 8.6 TUS	0:46.3-2.el8_6 fixed
RHEL 8.8 AUS	0:75-2.el8_8 fixed
RHEL 8.8 E4S	0:75-2.el8_8 fixed
RHEL 8.8 EUS	0:75-2.el8_8 fixed
RHEL 8.8 TUS	0:75-2.el8_8 fixed

osbuild-composer-worker

RHEL 8	0:101-2.el8_10 fixed
RHEL 8.4 AUS	0:28.7-2.el8_4 fixed
RHEL 8.4 E4S	0:28.7-2.el8_4 fixed
RHEL 8.4 TUS	0:28.7-2.el8_4 fixed
RHEL 8.6 AUS	0:46.3-2.el8_6 fixed
RHEL 8.6 E4S	0:46.3-2.el8_6 fixed
RHEL 8.6 TUS	0:46.3-2.el8_6 fixed
RHEL 8.8 AUS	0:75-2.el8_8 fixed
RHEL 8.8 E4S	0:75-2.el8_8 fixed
RHEL 8.8 EUS	0:75-2.el8_8 fixed
RHEL 8.8 TUS	0:75-2.el8_8 fixed
RHEL 9	0:118-2.el9_5 fixed

podman

RHEL 9

4:5.2.2-9.el9_5

fixed

podman-docker

RHEL 9

4:5.2.2-9.el9_5

fixed

podman-plugins

RHEL 9

4:5.2.2-9.el9_5

fixed

podman-remote

RHEL 9

4:5.2.2-9.el9_5

fixed

podman-tests

RHEL 9

4:5.2.2-9.el9_5

fixed

skopeo

RHEL 9

2:1.14.5-2.el9_4

fixed

skopeo-tests

RHEL 9

2:1.14.5-2.el9_4

fixed

References

https://go.dev/cl/611239

https://go.dev/issue/69139

https://groups.google.com/g/golang-dev/c/S9POB9NCTdk

https://pkg.go.dev/vuln/GO-2024-3106

https://security.netapp.com/advisory/ntap-20240926-0004/