Vulnerability-Lookup

CVE-2024-37298 (GCVE-0-2024-37298)

Vulnerability from cvelistv5 – Published: 2024-07-01 18:27 – Updated: 2024-08-02 03:50

Title

Potential memory exhaustion attack due to sparse slice deserialization

Summary

gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	gorilla	schema	Affected: < 1.4.1

FKIE_CVE-2024-37298

Vulnerability from fkie_nvd - Published: 2024-07-01 19:15 - Updated: 2024-11-21 09:23

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/gorilla/schema/blob/main/decoder.go#L223
	security-advisories@github.com	https://github.com/gorilla/schema/commit/cd59f2f12cbdfa9c06aa63e425d1fe4a806967ff
	security-advisories@github.com	https://github.com/gorilla/schema/security/advisories/GHSA-3669-72x9-r9p3
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/gorilla/schema/blob/main/decoder.go#L223
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/gorilla/schema/commit/cd59f2f12cbdfa9c06aa63e425d1fe4a806967ff
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/gorilla/schema/security/advisories/GHSA-3669-72x9-r9p3

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue."
    },
    {
      "lang": "es",
      "value": "gorilla/schema convierte estructuras hacia y desde valores de formulario. Antes de la versi\u00f3n 1.4.1 La ejecuci\u00f3n de `schema.Decoder.Decode()` en una estructura que tiene un campo de tipo `[]struct{...}` la abre a ataques maliciosos relacionados con las asignaciones de memoria, aprovechando la escasez de memoria. funcionalidad de corte. Cualquier uso de `schema.Decoder.Decode()` en una estructura con matrices de otras estructuras podr\u00eda ser vulnerable a esta vulnerabilidad de agotamiento de la memoria. La versi\u00f3n 1.4.1 contiene un parche para el problema."
    }
  ],
  "id": "CVE-2024-37298",
  "lastModified": "2024-11-21T09:23:33.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-01T19:15:04.283",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/gorilla/schema/blob/main/decoder.go#L223"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/gorilla/schema/commit/cd59f2f12cbdfa9c06aa63e425d1fe4a806967ff"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/gorilla/schema/security/advisories/GHSA-3669-72x9-r9p3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/gorilla/schema/blob/main/decoder.go#L223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/gorilla/schema/commit/cd59f2f12cbdfa9c06aa63e425d1fe4a806967ff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/gorilla/schema/security/advisories/GHSA-3669-72x9-r9p3"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-3669-72X9-R9P3

Vulnerability from github – Published: 2024-07-01 20:35 – Updated: 2024-07-05 21:29

Summary

Potential memory exhaustion attack due to sparse slice deserialization

Details

Running schema.Decoder.Decode() on a struct that has a field of type []struct{...} opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of the billionth element and it will allocate all other elements before it in the slice.

In the local environment environment for my project, I was able to call an endpoint like /innocent_endpoint?arr.10000000.X=1 and freeze my system from the memory allocation while parsing r.Form. I think this line is responsible for allocating the slice, although I haven't tested to make sure, so it's just an educated guess.

Proof of Concept

The following proof of concept works on both v1.2.0 and v1.2.1. I have not tested earlier versions.

package main

import (
    "fmt"

    "github.com/gorilla/schema"
)

func main() {
    dec := schema.NewDecoder()
    var result struct {
        Arr []struct{ Val int }
    }
    if err := dec.Decode(&result, map[string][]string{"arr.1000000000.Val": {"1"}}); err != nil {
        panic(err)
    }
    fmt.Printf("%#+v\n", result)
}

Impact

Any use of schema.Decoder.Decode() on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. There seems to be no possible solution that a developer using this library can do to disable this behaviour without fixing it in this project, so all uses of Decode that fall under this umbrella are affected. A fix that doesn't require a major change may also be harder to find, since it could break compatibility with some other intended use-cases.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/gorilla/schema"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-37298"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-01T20:35:12Z",
    "nvd_published_at": "2024-07-01T19:15:04Z",
    "severity": "HIGH"
  },
  "details": "### Details\n\nRunning `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of the billionth element and it will allocate all other elements before it in the slice. \n\nIn the local environment environment for my project, I was able to call an endpoint like `/innocent_endpoint?arr.10000000.X=1` and freeze my system from the memory allocation while parsing `r.Form`. I think [this line](https://github.com/gorilla/schema/blob/main/decoder.go#L223) is responsible for allocating the slice, although I haven\u0027t tested to make sure, so it\u0027s just an educated guess.\n\n### Proof of Concept\n\nThe following proof of concept works on both v1.2.0 and v1.2.1. I have not tested earlier versions.\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/gorilla/schema\"\n)\n\nfunc main() {\n\tdec := schema.NewDecoder()\n\tvar result struct {\n\t\tArr []struct{ Val int }\n\t}\n\tif err := dec.Decode(\u0026result, map[string][]string{\"arr.1000000000.Val\": {\"1\"}}); err != nil {\n\t\tpanic(err)\n\t}\n\tfmt.Printf(\"%#+v\\n\", result)\n}\n\n```\n\n### Impact\n\nAny use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. There seems to be no possible solution that a developer using this library can do to disable this behaviour without fixing it in this project, so all uses of Decode that fall under this umbrella are affected. A fix that doesn\u0027t require a major change may also be harder to find, since it could break compatibility with some other intended use-cases.\n",
  "id": "GHSA-3669-72x9-r9p3",
  "modified": "2024-07-05T21:29:07Z",
  "published": "2024-07-01T20:35:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gorilla/schema/security/advisories/GHSA-3669-72x9-r9p3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37298"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gorilla/schema/commit/cd59f2f12cbdfa9c06aa63e425d1fe4a806967ff"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gorilla/schema"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gorilla/schema/blob/main/decoder.go#L223"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Potential memory exhaustion attack due to sparse slice deserialization"
}

cve-2024-37298

Vulnerability from osv_almalinux

Published

2024-09-03 00:00

Modified

2024-09-04 08:19

Summary

Important: podman security update

Details

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)
gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization (CVE-2024-37298)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-10.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman-docker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-10.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-10.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman-remote"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-10.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-10.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)\n* gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization (CVE-2024-37298)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:6194",
  "modified": "2024-09-04T08:19:33Z",
  "published": "2024-09-03T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:6194"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-24783"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-37298"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-6104"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268019"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2294000"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2295010"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-6194.html"
    }
  ],
  "related": [
    "CVE-2024-24783",
    "CVE-2024-6104",
    "CVE-2024-37298"
  ],
  "summary": "Important: podman security update"
}

cve-2024-37298

Vulnerability from osv_almalinux

Published

2024-08-13 00:00

Modified

2024-08-14 16:09

Summary

Important: container-tools:rhel8 security update

Details

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
containers/image: digest type does not guarantee valid type (CVE-2024-3727)
golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)
go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)
gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization (CVE-2024-37298)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aardvark-dns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.10.0-1.module_el8.10.0+3792+03eaed9c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aardvark-dns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.10.0-1.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aardvark-dns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.10.0-1.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "buildah"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.33.8-4.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "buildah-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.33.8-4.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "cockpit-podman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "84.1-1.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "conmon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3:2.1.10-1.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "conmon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3:2.1.10-1.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "conmon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3:2.1.10-1.module_el8.10.0+3845+87b84552"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "container-selinux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:2.229.0-2.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "containernetworking-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.4.0-5.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "containers-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1-82.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "crit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18-5.module_el8.10.0+3845+87b84552"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "crit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18-5.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "criu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18-5.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "criu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18-5.module_el8.10.0+3845+87b84552"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "criu-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18-5.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "criu-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18-5.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "criu-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18-5.module_el8.10.0+3845+87b84552"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "criu-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18-5.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "crun"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.14.3-2.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "crun"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.14.3-2.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "fuse-overlayfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13-1.module_el8.10.0+3859+6ae70a0e"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "fuse-overlayfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13-1.module_el8.10.0+3792+03eaed9c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libslirp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.4.0-2.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libslirp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.4.0-2.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libslirp-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.4.0-2.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libslirp-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.4.0-2.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netavark"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.10.3-1.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netavark"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.10.3-1.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "oci-seccomp-bpf-hook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.10-1.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "oci-seccomp-bpf-hook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.10-1.module_el8.10.0+3792+03eaed9c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "podman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-12.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "podman-catatonit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-12.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "podman-docker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-12.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "podman-gvproxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-12.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "podman-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-12.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "podman-remote"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-12.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "podman-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:4.9.4-12.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-criu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18-5.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-podman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.9.0-2.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "runc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.1.12-4.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "skopeo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.14.5-3.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "skopeo-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:1.14.5-3.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "slirp4netns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.3-1.module_el8.10.0+3845+87b84552"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "slirp4netns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.3-1.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "slirp4netns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.3-1.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "toolbox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.99.5-2.module_el8.10.0+3845+87b84552"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "toolbox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.99.5-2.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "toolbox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.99.5-2.module_el8.10.0+3876+e55593a8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "toolbox-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.99.5-2.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "toolbox-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.99.5-2.module_el8.10.0+3845+87b84552"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "udica"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.6-21.module_el8.10.0+3858+6ad51f9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es):\n\n* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n* containers/image: digest type does not guarantee valid type (CVE-2024-3727)\n* golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)\n* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)\n* gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization (CVE-2024-37298)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:5258",
  "modified": "2024-08-14T16:09:13Z",
  "published": "2024-08-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:5258"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45290"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-1394"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-24783"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-24784"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-24789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3727"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-37298"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-6104"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2262921"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268017"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268019"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2268021"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2274767"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2292668"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2294000"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2295010"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-5258.html"
    }
  ],
  "related": [
    "CVE-2024-1394",
    "CVE-2023-45290",
    "CVE-2024-24783",
    "CVE-2024-24784",
    "CVE-2024-3727",
    "CVE-2024-24789",
    "CVE-2024-6104",
    "CVE-2024-37298"
  ],
  "summary": "Important: container-tools:rhel8 security update"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-37298 (GCVE-0-2024-37298)

FKIE_CVE-2024-37298

GHSA-3669-72X9-R9P3

Details

Proof of Concept

Impact

cve-2024-37298

Vulnerability from osv_almalinux

cve-2024-37298

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature