Bug 2331063 (CVE-2024-55565)
| Summary: | CVE-2024-55565 nanoid: nanoid mishandles non-integer values | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aazores, abarbaro, adudiak, adupliak, akostadi, alcohan, amasferr, amctagga, anjoseph, anpicker, asoldano, bbaranow, bdettelb, bkabrda, bmaxwell, boliveir, brian.stansberry, brking, caswilli, cbartlet, cdaley, cdewolf, chazlett, chfoley, cmah, danken, darran.lofthouse, dkreling, dmayorov, doconnor, dosoudil, drichtar, dymurray, eaguilar, ebaron, ehelms, eric.wittmann, fdeutsch, fjuma, ggainey, gkamathe, gmalinko, gparvin, gtanzill, haoli, hasun, hkataria, ibolton, istudens, ivassile, iweiss, jajackso, janstey, jcammara, jcantril, jchui, jforrest, jfula, jhe, jkoehler, jkoops, jlledo, jmatthew, jmitchel, jmontleo, jneedle, jolong, jowilson, jprabhak, jscholz, juwatts, jwendell, jwong, kaycoth, kegrant, koliveir, kshier, ktsao, lbalhar, lball, lgao, lphiri, mabashia, mhulan, mkudlej, mmakovy, mnovotny, mosmerov, msochure, msvehla, nboldt, ngough, nipatil, njean, nmoumoul, nwallace, nyancey, omaciel, ometelka, oramraz, owatkins, pahickey, pantinor, parichar, pbraun, pcreech, pdelbell, pdrozd, peholase, pesilva, pgaikwad, phoracek, pjindal, pmackay, pskopek, psrna, ptisnovs, rcernich, rchan, rguimara, rhaigner, rjohnson, rkubis, rmartinc, rojacob, rowaters, rstancel, rstepani, saroy, sdawley, sfroberg, shvarugh, simaishi, slucidi, smaestri, smallamp, smcdonal, smullick, sseago, stcannon, sthorger, stirabos, swoodman, syedriko, tasato, teagle, tfister, thason, thavo, tjochec, tom.jenkinson, twalsh, veshanka, wtam, xdharmai, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects:
- In browser and non-secure, the code infinite loops on while (size--)
- In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] & 63 -> undefined & 63 -> 0
- If the first call in node is a fractional argument, the initial buffer allocation fails with an error
The highest impact of this issue system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2331093, 2331094, 2331095, 2331096, 2331108, 2331091, 2331092, 2331097, 2331098, 2331099, 2331100, 2331101, 2331102, 2331103, 2331104, 2331105, 2331106, 2331107, 2331109, 2331110, 2331111, 2331112, 2331113, 2331114 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2024-12-09 02:01:10 UTC
Reported upstream: https://github.com/jupyterlab/jupyterlab/issues/17056 This issue has been addressed in the following products: RHODF-4.17-RHEL-9 Via RHSA-2025:0079 https://access.redhat.com/errata/RHSA-2025:0079 This issue has been addressed in the following products: RHODF-4.16-RHEL-9 Via RHSA-2025:0082 https://access.redhat.com/errata/RHSA-2025:0082 This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.5 for RHEL 9 Red Hat Ansible Automation Platform 2.5 for RHEL 8 Via RHSA-2025:0340 https://access.redhat.com/errata/RHSA-2025:0340 This issue has been addressed in the following products: multicluster engine for Kubernetes 2.7 for RHEL 9 multicluster engine for Kubernetes 2.7 for RHEL 8 Via RHSA-2025:0723 https://access.redhat.com/errata/RHSA-2025:0723 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:0654 https://access.redhat.com/errata/RHSA-2025:0654 This issue has been addressed in the following products: multicluster engine for Kubernetes 2.6 for RHEL 9 multicluster engine for Kubernetes 2.6 for RHEL 8 Via RHSA-2025:0778 https://access.redhat.com/errata/RHSA-2025:0778 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 Via RHSA-2025:0785 https://access.redhat.com/errata/RHSA-2025:0785 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 Via RHSA-2025:0851 https://access.redhat.com/errata/RHSA-2025:0851 This issue has been addressed in the following products: Red Hat OpenShift Dev Spaces 3 Containers Via RHSA-2025:0892 https://access.redhat.com/errata/RHSA-2025:0892 This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.5 for RHEL 8 Via RHSA-2025:1051 https://access.redhat.com/errata/RHSA-2025:1051 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875 This issue has been addressed in the following products: RHODF-4.18-RHEL-9 Via RHSA-2025:2652 https://access.redhat.com/errata/RHSA-2025:2652 |