Dismissed
CVE-2024-3508
4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 9 packages
  - bzip2
  - lbzip2
  - pbzip2
  - bzip2_1_1
  - indexed-bzip2
  - haskellPackages.bzip2-clib
  - python312Packages.indexed-bzip2
  - python313Packages.indexed-bzip2
  - tests.pkg-config.defaultPkgConfigPackages.bzip2
- @LeSuisse dismissed
Bzip2: compressed content bomb leads to denial of service of bombastic api
A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.
References
- https://access.redhat.com/security/cve/CVE-2024-3508 x_refsource_REDHAT vdb-entry
- RHBZ#2274109 issue-tracking x_refsource_REDHAT
Affected products
bzip2
- ==faa7a496c5d98e0f0859dd2c623eddf82289eaa8
SBOM-Management-(Bombastic)