Bug 2310528 (CVE-2024-34156) - CVE-2024-34156 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
Status: NEW
Alias: CVE-2024-34156
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
Depends On: 2310555 2310556 2310557 2310558 2310559 2310560 2310561 2310562 2310563 2310564 2310568 2310570 2310571 2310573 2311673 2310566 2310567 2310569
Reported: 2024-09-06 21:20 UTC by OSIDB Bzimport
Modified: 2024-10-09 12:00 UTC (History)

Doc Text:
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decode on a message that contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:6958 0 None None None 2024-09-23 22:35:49 UTC
Red Hat Product Errata RHBA-2024:6960 0 None None None 2024-09-23 23:31:13 UTC
Red Hat Product Errata RHBA-2024:7096 0 None None None 2024-09-25 06:51:55 UTC
Red Hat Product Errata RHBA-2024:7768 0 None None None 2024-10-07 17:49:28 UTC
Red Hat Product Errata RHSA-2024:6908 0 None None None 2024-09-23 01:47:19 UTC
Red Hat Product Errata RHSA-2024:6912 0 None None None 2024-09-23 01:52:44 UTC
Red Hat Product Errata RHSA-2024:6913 0 None None None 2024-09-23 01:47:59 UTC
Red Hat Product Errata RHSA-2024:6914 0 None None None 2024-09-23 01:37:14 UTC
Red Hat Product Errata RHSA-2024:6946 0 None None None 2024-09-23 18:35:53 UTC
Red Hat Product Errata RHSA-2024:6947 0 None None None 2024-09-23 18:43:58 UTC
Red Hat Product Errata RHSA-2024:7102 0 None None None 2024-09-25 11:26:55 UTC
Red Hat Product Errata RHSA-2024:7103 0 None None None 2024-09-25 11:27:27 UTC
Red Hat Product Errata RHSA-2024:7135 0 None None None 2024-09-25 18:28:41 UTC
Red Hat Product Errata RHSA-2024:7136 0 None None None 2024-09-25 18:36:04 UTC
Red Hat Product Errata RHSA-2024:7202 0 None None None 2024-09-26 11:27:58 UTC
Red Hat Product Errata RHSA-2024:7203 0 None None None 2024-09-26 12:27:06 UTC
Red Hat Product Errata RHSA-2024:7204 0 None None None 2024-09-26 12:22:12 UTC
Red Hat Product Errata RHSA-2024:7205 0 None None None 2024-09-26 12:14:10 UTC
Red Hat Product Errata RHSA-2024:7206 0 None None None 2024-09-26 12:23:01 UTC
Red Hat Product Errata RHSA-2024:7207 0 None None None 2024-09-26 12:22:55 UTC
Red Hat Product Errata RHSA-2024:7208 0 None None None 2024-09-26 11:41:14 UTC
Red Hat Product Errata RHSA-2024:7261 0 None None None 2024-09-26 18:28:01 UTC
Red Hat Product Errata RHSA-2024:7262 0 None None None 2024-09-26 18:33:16 UTC
Red Hat Product Errata RHSA-2024:7350 0 None None None 2024-09-30 01:21:20 UTC
Red Hat Product Errata RHSA-2024:7351 0 None None None 2024-09-30 01:21:00 UTC
Red Hat Product Errata RHSA-2024:7449 0 None None None 2024-10-01 11:29:23 UTC
Red Hat Product Errata RHSA-2024:7455 0 None None None 2024-10-01 14:54:49 UTC
Red Hat Product Errata RHSA-2024:7456 0 None None None 2024-10-01 14:55:09 UTC
Red Hat Product Errata RHSA-2024:7485 0 None None None 2024-10-02 00:37:30 UTC
Red Hat Product Errata RHSA-2024:7487 0 None None None 2024-10-02 00:32:12 UTC
Red Hat Product Errata RHSA-2024:7488 0 None None None 2024-10-02 00:32:37 UTC
Red Hat Product Errata RHSA-2024:7769 0 None None None 2024-10-07 18:14:37 UTC
Red Hat Product Errata RHSA-2024:7791 0 None None None 2024-10-08 11:13:11 UTC
Red Hat Product Errata RHSA-2024:7792 0 None None None 2024-10-08 11:13:17 UTC
Red Hat Product Errata RHSA-2024:7793 0 None None None 2024-10-08 11:18:45 UTC
Red Hat Product Errata RHSA-2024:7794 0 None None None 2024-10-08 11:15:29 UTC
Red Hat Product Errata RHSA-2024:7818 0 None None None 2024-10-08 18:22:54 UTC
Red Hat Product Errata RHSA-2024:7819 0 None None None 2024-10-08 18:34:17 UTC
Red Hat Product Errata RHSA-2024:7820 0 None None None 2024-10-08 18:35:22 UTC
Red Hat Product Errata RHSA-2024:7821 0 None None None 2024-10-08 18:32:10 UTC
Red Hat Product Errata RHSA-2024:7822 0 None None None 2024-10-08 18:23:09 UTC
Red Hat Product Errata RHSA-2024:7852 0 None None None 2024-10-09 12:00:12 UTC

Description OSIDB Bzimport 2024-09-06 21:20:33 UTC
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Comment 3 errata-xmlrpc 2024-09-23 01:37:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:6914 https://access.redhat.com/errata/RHSA-2024:6914

Comment 4 errata-xmlrpc 2024-09-23 01:47:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6908 https://access.redhat.com/errata/RHSA-2024:6908

Comment 5 errata-xmlrpc 2024-09-23 01:47:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6913 https://access.redhat.com/errata/RHSA-2024:6913

Comment 6 errata-xmlrpc 2024-09-23 01:52:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:6912 https://access.redhat.com/errata/RHSA-2024:6912

Comment 7 errata-xmlrpc 2024-09-23 18:35:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6946 https://access.redhat.com/errata/RHSA-2024:6946

Comment 8 errata-xmlrpc 2024-09-23 18:43:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6947 https://access.redhat.com/errata/RHSA-2024:6947

Comment 9 errata-xmlrpc 2024-09-25 11:26:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7102 https://access.redhat.com/errata/RHSA-2024:7102

Comment 10 errata-xmlrpc 2024-09-25 11:27:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7103 https://access.redhat.com/errata/RHSA-2024:7103

Comment 11 errata-xmlrpc 2024-09-25 18:28:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7135 https://access.redhat.com/errata/RHSA-2024:7135

Comment 12 errata-xmlrpc 2024-09-25 18:35:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:7136 https://access.redhat.com/errata/RHSA-2024:7136

Comment 13 errata-xmlrpc 2024-09-26 11:27:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7202 https://access.redhat.com/errata/RHSA-2024:7202

Comment 14 errata-xmlrpc 2024-09-26 11:41:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7208 https://access.redhat.com/errata/RHSA-2024:7208

Comment 15 errata-xmlrpc 2024-09-26 12:14:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:7205 https://access.redhat.com/errata/RHSA-2024:7205

Comment 16 errata-xmlrpc 2024-09-26 12:22:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:7204 https://access.redhat.com/errata/RHSA-2024:7204

Comment 17 errata-xmlrpc 2024-09-26 12:22:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7207 https://access.redhat.com/errata/RHSA-2024:7207

Comment 18 errata-xmlrpc 2024-09-26 12:22:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:7206 https://access.redhat.com/errata/RHSA-2024:7206

Comment 19 errata-xmlrpc 2024-09-26 12:27:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7203 https://access.redhat.com/errata/RHSA-2024:7203

Comment 21 errata-xmlrpc 2024-09-26 18:27:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:7261 https://access.redhat.com/errata/RHSA-2024:7261

Comment 22 errata-xmlrpc 2024-09-26 18:33:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7262 https://access.redhat.com/errata/RHSA-2024:7262

Comment 23 errata-xmlrpc 2024-09-30 01:20:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7351 https://access.redhat.com/errata/RHSA-2024:7351

Comment 24 errata-xmlrpc 2024-09-30 01:21:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7350 https://access.redhat.com/errata/RHSA-2024:7350

Comment 25 errata-xmlrpc 2024-10-01 11:29:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:7449 https://access.redhat.com/errata/RHSA-2024:7449

Comment 26 errata-xmlrpc 2024-10-01 14:54:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:7455 https://access.redhat.com/errata/RHSA-2024:7455

Comment 27 errata-xmlrpc 2024-10-01 14:55:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:7456 https://access.redhat.com/errata/RHSA-2024:7456

Comment 28 errata-xmlrpc 2024-10-02 00:32:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:7487 https://access.redhat.com/errata/RHSA-2024:7487

Comment 29 errata-xmlrpc 2024-10-02 00:32:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:7488 https://access.redhat.com/errata/RHSA-2024:7488

Comment 30 errata-xmlrpc 2024-10-02 00:37:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7485 https://access.redhat.com/errata/RHSA-2024:7485

Comment 31 errata-xmlrpc 2024-10-07 18:14:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:7769 https://access.redhat.com/errata/RHSA-2024:7769

Comment 32 errata-xmlrpc 2024-10-08 11:13:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7791 https://access.redhat.com/errata/RHSA-2024:7791

Comment 33 errata-xmlrpc 2024-10-08 11:13:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7792 https://access.redhat.com/errata/RHSA-2024:7792

Comment 34 errata-xmlrpc 2024-10-08 11:15:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7794 https://access.redhat.com/errata/RHSA-2024:7794

Comment 35 errata-xmlrpc 2024-10-08 11:18:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7793 https://access.redhat.com/errata/RHSA-2024:7793

Comment 36 errata-xmlrpc 2024-10-08 18:22:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7818 https://access.redhat.com/errata/RHSA-2024:7818

Comment 37 errata-xmlrpc 2024-10-08 18:23:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:7822 https://access.redhat.com/errata/RHSA-2024:7822

Comment 38 errata-xmlrpc 2024-10-08 18:32:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7821 https://access.redhat.com/errata/RHSA-2024:7821

Comment 39 errata-xmlrpc 2024-10-08 18:34:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7819 https://access.redhat.com/errata/RHSA-2024:7819

Comment 40 errata-xmlrpc 2024-10-08 18:35:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7820 https://access.redhat.com/errata/RHSA-2024:7820

Comment 41 errata-xmlrpc 2024-10-09 12:00:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:7852 https://access.redhat.com/errata/RHSA-2024:7852
