Bug 2279814 (CVE-2024-24788) - CVE-2024-24788 golang: net: malformed DNS message can cause infinite loop
Summary: CVE-2024-24788 golang: net: malformed DNS message can cause infinite loop
Status: NEW
Alias: CVE-2024-24788
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
Depends On: 2279829 2279830 2279832 2279833 2349922 2279815 2279816 2279820 2279821 2279822 2279823 2279824 2279825 2279826 2279827 2279828 2279831 2279834 2279835 2279836 2279837 2279838
Blocks: 2279819
 
Reported: 2024-05-09 04:35 UTC by Avinash Hanwate
Modified: 2025-04-18 08:27 UTC (History)

Fixed In Version: Go 1.22.3, Go 1.21.10

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2024:4613 | 0 | None | None | None | 2024-07-24 18:53:28 UTC
Red Hat Product Errata | RHSA-2024:4616 | 0 | None | None | None | 2024-07-24 19:09:35 UTC
Red Hat Product Errata | RHSA-2024:4697 | 0 | None | None | None | 2024-07-22 10:11:33 UTC
Red Hat Product Errata | RHSA-2024:4872 | 0 | None | None | None | 2024-07-25 14:44:34 UTC
Red Hat Product Errata | RHSA-2024:4982 | 0 | None | None | None | 2024-08-01 19:11:19 UTC
Red Hat Product Errata | RHSA-2024:5291 | 0 | None | None | None | 2024-08-13 15:25:33 UTC
Red Hat Product Errata | RHSA-2024:5547 | 0 | None | None | None | 2024-08-19 07:42:07 UTC
Red Hat Product Errata | RHSA-2024:6221 | 0 | None | None | None | 2024-09-03 11:45:43 UTC
Red Hat Product Errata | RHSA-2024:6341 | 0 | None | None | None | 2024-10-23 00:30:44 UTC
Red Hat Product Errata | RHSA-2024:6462 | 0 | None | None | None | 2024-09-09 00:49:25 UTC
Red Hat Product Errata | RHSA-2024:6765 | 0 | None | None | None | 2024-09-18 16:04:13 UTC
Red Hat Product Errata | RHSA-2024:6969 | 0 | None | None | None | 2024-09-24 03:21:46 UTC
Red Hat Product Errata | RHSA-2024:7164 | 0 | None | None | None | 2024-09-26 03:47:36 UTC
Red Hat Product Errata | RHSA-2024:9089 | 0 | None | None | None | 2024-11-12 08:41:50 UTC
Red Hat Product Errata | RHSA-2024:9098 | 0 | None | None | None | 2024-11-12 08:45:37 UTC
Red Hat Product Errata | RHSA-2024:9115 | 0 | None | None | None | 2024-11-12 08:48:27 UTC
Red Hat Product Errata | RHSA-2024:9135 | 0 | None | None | None | 2024-11-12 08:55:00 UTC
Red Hat Product Errata | RHSA-2024:9200 | 0 | None | None | None | 2024-11-12 09:05:29 UTC
Red Hat Product Errata | RHSA-2024:9277 | 0 | None | None | None | 2024-11-12 09:10:41 UTC
Red Hat Product Errata | RHSA-2024:9485 | 0 | None | None | None | 2024-11-13 13:16:08 UTC

Description Avinash Hanwate 2024-05-09 04:35:05 UTC
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

https://go.dev/cl/578375
https://go.dev/issue/66754
https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
https://pkg.go.dev/vuln/GO-2024-2824

Comment 1 Avinash Hanwate 2024-05-09 04:40:37 UTC
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2279815]
Affects: fedora-all [bug 2279816]

Comment 9 errata-xmlrpc 2024-07-22 10:11:24 UTC
This issue has been addressed in the following products:

  Cryostat 3 on RHEL 8

Via RHSA-2024:4697 https://access.redhat.com/errata/RHSA-2024:4697

Comment 10 errata-xmlrpc 2024-07-24 18:53:17 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:4613 https://access.redhat.com/errata/RHSA-2024:4613

Comment 11 errata-xmlrpc 2024-07-24 19:09:25 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:4616 https://access.redhat.com/errata/RHSA-2024:4616

Comment 12 errata-xmlrpc 2024-07-25 14:44:25 UTC
This issue has been addressed in the following products:

  RHOSS-1.33-RHEL-8

Via RHSA-2024:4872 https://access.redhat.com/errata/RHSA-2024:4872

Comment 13 errata-xmlrpc 2024-08-01 19:11:11 UTC
This issue has been addressed in the following products:

  OADP-1.3-RHEL-9

Via RHSA-2024:4982 https://access.redhat.com/errata/RHSA-2024:4982

Comment 15 errata-xmlrpc 2024-08-13 15:25:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5291 https://access.redhat.com/errata/RHSA-2024:5291

Comment 16 errata-xmlrpc 2024-08-19 07:41:58 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2024:5547 https://access.redhat.com/errata/RHSA-2024:5547

Comment 19 errata-xmlrpc 2024-09-03 11:45:35 UTC
This issue has been addressed in the following products:

  OPENSHIFT-BUILDS-1.1-RHEL-8

Via RHSA-2024:6221 https://access.redhat.com/errata/RHSA-2024:6221

Comment 20 errata-xmlrpc 2024-09-09 00:49:16 UTC
This issue has been addressed in the following products:

  Cost Management for RHEL 8

Via RHSA-2024:6462 https://access.redhat.com/errata/RHSA-2024:6462

Comment 21 errata-xmlrpc 2024-09-18 16:04:05 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2024:6765 https://access.redhat.com/errata/RHSA-2024:6765

Comment 22 errata-xmlrpc 2024-09-24 03:21:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6969 https://access.redhat.com/errata/RHSA-2024:6969

Comment 23 errata-xmlrpc 2024-09-26 03:47:27 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.8

Via RHSA-2024:7164 https://access.redhat.com/errata/RHSA-2024:7164

Comment 26 errata-xmlrpc 2024-10-23 00:30:35 UTC
This issue has been addressed in the following products:

  KDO-5.1-RHEL-9

Via RHSA-2024:6341 https://access.redhat.com/errata/RHSA-2024:6341

Comment 27 errata-xmlrpc 2024-11-12 08:41:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9089 https://access.redhat.com/errata/RHSA-2024:9089

Comment 28 errata-xmlrpc 2024-11-12 08:45:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9098 https://access.redhat.com/errata/RHSA-2024:9098

Comment 29 errata-xmlrpc 2024-11-12 08:48:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9115 https://access.redhat.com/errata/RHSA-2024:9115

Comment 30 errata-xmlrpc 2024-11-12 08:54:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9135 https://access.redhat.com/errata/RHSA-2024:9135

Comment 31 errata-xmlrpc 2024-11-12 09:05:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9200 https://access.redhat.com/errata/RHSA-2024:9200

Comment 32 errata-xmlrpc 2024-11-12 09:10:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9277 https://access.redhat.com/errata/RHSA-2024:9277

Comment 33 errata-xmlrpc 2024-11-13 13:15:58 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Services on OpenShift PODIFIED 1.0

Via RHSA-2024:9485 https://access.redhat.com/errata/RHSA-2024:9485
