Vulnerability CVE-2024-24786: Information

Description

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

Published: March 6, 2024
Modified: March 24, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
buildahsisyphus1.35.2-alt11.35.3-alt1ALT-PU-2024-4734-1343761Fixed
buildahsisyphus_riscv641.35.2-alt11.35.3-alt1ALT-PU-2024-4799-1-Fixed
buildahsisyphus_loongarch641.35.2-alt11.35.3-alt1ALT-PU-2024-4784-1-Fixed
buildahp101.34.3-alt0.p101.34.3-alt0.p10ALT-PU-2024-4646-2343760Fixed

References to Advisories, Solutions, and Tools