CVE-2024-24786
Publication date 5 March 2024
Last updated 18 September 2024
Ubuntu priority
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| golang-google-protobuf | 24.04 LTS noble |
Needs evaluation
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal | Not in release | |
| google-guest-agent | 24.04 LTS noble |
Fixed 20240213.00-0ubuntu3.1
|
| 22.04 LTS jammy |
Fixed 20231004.02-0ubuntu1~22.04.4
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| google-osconfig-agent | 24.04 LTS noble |
Fixed 20240320.00-0ubuntu1~24.04.1
|
| 22.04 LTS jammy |
Fixed 20230504.00-0ubuntu1~22.04.1
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Notes
mdeslaur
This has been fixed in the (20240716.00-0ubuntu1~20.04.0) package for focal, but has not been copied over to the -security pocket yet.
References
Related Ubuntu Security Notices (USN)
- USN-6746-1
- Google Guest Agent and Google OS Config Agent vulnerability
- 23 April 2024
- USN-6746-2
- Google Guest Agent and Google OS Config Agent vulnerability
- 25 June 2024