Bug 2295010 (CVE-2024-37298)
| Summary: | CVE-2024-37298 gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | rgatica, tsweeney |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | Flags: | tsweeney:
needinfo?
(rgatica) |
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the gorilla/schema package. Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could trigger memory exhaustion and lead to a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2295193, 2295194 | ||
| Bug Blocks: | |||
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:4825 https://access.redhat.com/errata/RHSA-2024:4825 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:4702 https://access.redhat.com/errata/RHSA-2024:4702 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:4858 https://access.redhat.com/errata/RHSA-2024:4858 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:4848 https://access.redhat.com/errata/RHSA-2024:4848 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:4963 https://access.redhat.com/errata/RHSA-2024:4963 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:5194 https://access.redhat.com/errata/RHSA-2024:5194 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5258 https://access.redhat.com/errata/RHSA-2024:5258 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:5202 https://access.redhat.com/errata/RHSA-2024:5202 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:5634 https://access.redhat.com/errata/RHSA-2024:5634 This issue has been addressed in the following products: Red Hat Advanced Cluster Security 4.4 Via RHSA-2024:6054 https://access.redhat.com/errata/RHSA-2024:6054 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:6194 https://access.redhat.com/errata/RHSA-2024:6194 |
gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.