Bug 2354429

Summary:	CVE-2025-30204 moby-engine: jwt-go allows excessive memory allocation during header parsing [fedora-41]
Product:	[Fedora] Fedora	Reporter:	Robb Gatica <rgatica>
Component:	moby-engine	Assignee:	Brad Smith <bradley.g.smith>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	high	Docs Contact:
Priority:	high
Version:	41	CC:	bradley.g.smith, copper_fin, go-sig, maxwell, mhofmann
Target Milestone:	---	Keywords:	Security, SecurityTracking
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:	{"flaws": ["95a9dde5-6090-4836-a6ca-cacc3443099b"]}
Fixed In Version:	moby-engine-28.2.2-1.fc43	Doc Type:	---
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2025-05-31 04:47:13 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	2354195

Description Robb Gatica 2025-03-24 03:02:59 UTC

More information about this security flaw is available in the following bug:

https://bugzilla.redhat.com/show_bug.cgi?id=2354195

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Fedora Admin user for bugzilla script actions 2025-05-10 02:44:17 UTC

This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.

Comment 2 Fedora Update System 2025-05-31 04:43:51 UTC

FEDORA-2025-a11b58986f (moby-engine-28.2.2-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-a11b58986f

Comment 3 Fedora Update System 2025-05-31 04:47:13 UTC

FEDORA-2025-a11b58986f (moby-engine-28.2.2-1.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.