Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-24786

Publication date 5 March 2024

Last updated 18 September 2024


Ubuntu priority

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

Read the notes from the security team

Status

Package Ubuntu Release Status
golang-google-protobuf 24.10 oracular
Needs evaluation
24.04 LTS noble
Needs evaluation
23.10 mantic Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
20.04 LTS focal Not in release
google-guest-agent 24.10 oracular
Fixed 20240213.00-0ubuntu4
24.04 LTS noble
Fixed 20240213.00-0ubuntu3.1
23.10 mantic
Fixed 20231004.02-0ubuntu1~23.10.3
22.04 LTS jammy
Fixed 20231004.02-0ubuntu1~22.04.4
20.04 LTS focal
Fixed 20240213.00-0ubuntu4
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
google-osconfig-agent 24.10 oracular
Fixed 20240320.00-0ubuntu2
24.04 LTS noble
Fixed 20240320.00-0ubuntu1~24.04.1
23.10 mantic
Fixed 20230504.00-0ubuntu2.2
22.04 LTS jammy
Fixed 20230504.00-0ubuntu1~22.04.1
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation

Notes


mdeslaur

This has been fixed in the (20240716.00-0ubuntu1~20.04.0) package for focal, but has not been copied over to the -security pocket yet.

References

Related Ubuntu Security Notices (USN)

    • USN-6746-1
    • Google Guest Agent and Google OS Config Agent vulnerability
    • 23 April 2024
    • USN-6746-2
    • Google Guest Agent and Google OS Config Agent vulnerability
    • 25 June 2024

Other references