Bug 2268854 (CVE-2024-28180)
Summary: | CVE-2024-28180 jose-go: improper handling of highly compressed data | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | ybuenos |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | go-jose 4.0.1, go-jose 3.0.3, go-jose 2.6.3 | Doc Type: | If docs needed, set a value |
Doc Text: | A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. | ||
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2268872, 2268873, 2268871, 2268874, 2268875, 2268876, 2268877, 2268878, 2268879, 2268880, 2268881, 2268882, 2268883, 2268884, 2268885, 2268886, 2268887, 2268888, 2268889, 2268890, 2268891, 2268892, 2268893, 2268894, 2268895, 2268896, 2268897, 2268898, 2268899, 2268901, 2268902, 2268903, 2268904, 2268905, 2268909, 2268910, 2268911, 2268912, 2268913, 2268914, 2268915, 2268916, 2268917, 2268918, 2269205, 2276638, 2276653, 2276654, 2276655, 2276656, 2276657, 2276658, 2306538, 2306540 | ||
Bug Blocks: | 2268846 |
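As an added illustration of the failure mode in the Doc Text above (example code written here, not go-jose's own implementation or its actual fix), the Go snippet below inflates a JWE-style DEFLATE ("zip":"DEF") payload under an output cap, so a few kilobytes of ciphertext that would expand to many megabytes are rejected instead of consuming memory and CPU. The helper names, the 256 KiB cap and the sample payloads are constructed for this example.

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

// ErrDecompressedTooLarge is returned when inflating would exceed the cap.
var ErrDecompressedTooLarge = errors.New("jwe: decompressed payload exceeds limit")

// inflateBounded inflates DEFLATE data but refuses to produce more than maxOut
// bytes. Hypothetical helper for this example; it is not go-jose's code.
// CPU spent is bounded too, because reading stops once the cap is crossed.
func inflateBounded(compressed []byte, maxOut int64) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(compressed))
	defer r.Close()
	// Read one byte past the cap to distinguish "exactly maxOut" from "more".
	out, err := io.ReadAll(io.LimitReader(r, maxOut+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > maxOut {
		return nil, ErrDecompressedTooLarge
	}
	return out, nil
}

// deflate compresses plaintext; used only to build the constructed sample inputs.
func deflate(plaintext []byte) []byte {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.BestCompression)
	w.Write(plaintext)
	w.Close()
	return buf.Bytes()
}

func main() {
	// Constructed samples: a small legitimate payload and a highly compressible one.
	small := deflate([]byte(`{"sub":"alice","scope":"read"}`))
	big := deflate(bytes.Repeat([]byte{0}, 10<<20)) // 10 MiB of zeros, ~10 KiB compressed
	const limit = 256 << 10                         // 256 KiB cap, a constructed value
	for _, c := range [][]byte{small, big} {
		out, err := inflateBounded(c, limit)
		fmt.Printf("compressed=%d bytes -> out=%d bytes err=%v\n", len(c), len(out), err)
	}
}
```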
Description
ybuenos
2024-03-10 20:20:23 UTC
Created apptainer tracking bugs for this issue:
Affects: epel-all [bug 2268871]
Affects: fedora-all [bug 2268875]

Created buildah tracking bugs for this issue:
Affects: fedora-all [bug 2268876]

Created caddy tracking bugs for this issue:
Affects: epel-all [bug 2268872]
Affects: fedora-all [bug 2268877]

Created containerd tracking bugs for this issue:
Affects: fedora-all [bug 2268878]

Created cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2268879]

Created cri-o:1.21/cri-o tracking bugs for this issue:
Affects: epel-all [bug 2268873]

Created cri-o:1.22/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2268880]

Created cri-o:1.23/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2268881]

Created cri-o:1.24/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2268882]

Created cri-o:1.25/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2268883]

Created cri-o:1.26/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2268884]

Created cri-o:1.27/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2268885]

Created golang-github-acme-lego tracking bugs for this issue:
Affects: fedora-all [bug 2268886]

Created golang-github-in-toto tracking bugs for this issue:
Affects: fedora-all [bug 2268887]

Created golang-github-jose-3 tracking bugs for this issue:
Affects: fedora-all [bug 2268888]

Created golang-github-letsencrypt-pebble tracking bugs for this issue:
Affects: fedora-all [bug 2268889]

Created golang-gopkg-square-jose-2 tracking bugs for this issue:
Affects: fedora-all [bug 2268890]

Created grafana tracking bugs for this issue:
Affects: fedora-all [bug 2268891]

Created jose tracking bugs for this issue:
Affects: fedora-all [bug 2268899]

Created moby-engine tracking bugs for this issue:
Affects: fedora-all [bug 2268892]

Created osbuild-composer tracking bugs for this issue:
Affects: fedora-all [bug 2268893]

Created podman tracking bugs for this issue:
Affects: fedora-all [bug 2268894]

Created podman-tui tracking bugs for this issue:
Affects: fedora-all [bug 2268895]

Created prometheus-podman-exporter tracking bugs for this issue:
Affects: fedora-all [bug 2268896]

Created singularity-ce tracking bugs for this issue:
Affects: epel-all [bug 2268874]
Affects: fedora-all [bug 2268897]

Created skopeo tracking bugs for this issue:
Affects: fedora-all [bug 2268898]

This issue has been addressed in the following products:

Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:1456 https://access.redhat.com/errata/RHSA-2024:1456
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:1563 https://access.redhat.com/errata/RHSA-2024:1563
Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:1574 https://access.redhat.com/errata/RHSA-2024:1574
Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:1567 https://access.redhat.com/errata/RHSA-2024:1567
OpenShift Custom Metrics Autoscaler 2 Via RHSA-2024:1812 https://access.redhat.com/errata/RHSA-2024:1812
OADP-1.3-RHEL-9 Via RHSA-2024:1859 https://access.redhat.com/errata/RHSA-2024:1859
Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2024:2639 https://access.redhat.com/errata/RHSA-2024:2639
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2071 https://access.redhat.com/errata/RHSA-2024:2071
Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:2054 https://access.redhat.com/errata/RHSA-2024:2054
Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:2049 https://access.redhat.com/errata/RHSA-2024:2049
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2669 https://access.redhat.com/errata/RHSA-2024:2669
Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:2672 https://access.redhat.com/errata/RHSA-2024:2672
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2773 https://access.redhat.com/errata/RHSA-2024:2773
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2776 https://access.redhat.com/errata/RHSA-2024:2776
Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:2784 https://access.redhat.com/errata/RHSA-2024:2784
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2865 https://access.redhat.com/errata/RHSA-2024:2865
Red Hat Enterprise Linux 8 Via RHSA-2024:3254 https://access.redhat.com/errata/RHSA-2024:3254
Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:2869 https://access.redhat.com/errata/RHSA-2024:2869
Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:2875 https://access.redhat.com/errata/RHSA-2024:2875
Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:2877 https://access.redhat.com/errata/RHSA-2024:2877
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:3327 https://access.redhat.com/errata/RHSA-2024:3327
Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:3349 https://access.redhat.com/errata/RHSA-2024:3349
Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:3351 https://access.redhat.com/errata/RHSA-2024:3351
Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:3523 https://access.redhat.com/errata/RHSA-2024:3523
Red Hat Enterprise Linux 9 Via RHSA-2024:3826 https://access.redhat.com/errata/RHSA-2024:3826
Red Hat Enterprise Linux 9 Via RHSA-2024:3827 https://access.redhat.com/errata/RHSA-2024:3827
Red Hat Enterprise Linux 8 Via RHSA-2024:3968 https://access.redhat.com/errata/RHSA-2024:3968
RHOSS-1.33-RHEL-8 Via RHSA-2024:4028 https://access.redhat.com/errata/RHSA-2024:4028
Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:4010 https://access.redhat.com/errata/RHSA-2024:4010
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:4041 https://access.redhat.com/errata/RHSA-2024:4041
Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:4006 https://access.redhat.com/errata/RHSA-2024:4006
Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0041 https://access.redhat.com/errata/RHSA-2024:0041
RHEL-9-CNV-4.16 Via RHSA-2024:4455 https://access.redhat.com/errata/RHSA-2024:4455
Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:4484 https://access.redhat.com/errata/RHSA-2024:4484
RHODF-4.16-RHEL-9 Via RHSA-2024:4591 https://access.redhat.com/errata/RHSA-2024:4591
Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:6687 https://access.redhat.com/errata/RHSA-2024:6687
Red Hat Migration Toolkit for Containers 1.8 Via RHSA-2024:7164 https://access.redhat.com/errata/RHSA-2024:7164
Red Hat OpenShift Container Platform 4.17 Via RHSA-2024:3718 https://access.redhat.com/errata/RHSA-2024:3718
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:7179 https://access.redhat.com/errata/RHSA-2024:7179
Red Hat OpenShift Container Platform 4.17 Via RHSA-2024:8229 https://access.redhat.com/errata/RHSA-2024:8229
Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:8235 https://access.redhat.com/errata/RHSA-2024:8235
Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:8260 https://access.redhat.com/errata/RHSA-2024:8260
Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:8425 https://access.redhat.com/errata/RHSA-2024:8425