What is RHSA-2024:8704?

RHSA-2024:8704 is a security advisory published by Red Hat Product Security with Medium severity. Red Hat Security Advisory: Kube Descheduler Operator for Red Hat OpenShift 5.0.2 for RHEL 9

Which CVE IDs does RHSA-2024:8704 cover?

RHSA-2024:8704 covers the following CVE IDs: CVE-2024-24786, CVE-2024-34155, CVE-2024-34158. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of RHSA-2024:8704?

RHSA-2024:8704 has a CVSS v3 base score of 5.9, published by Red Hat Product Security.

RHSA-2024:8704MediumCVSS 5.9

Red Hat Security Advisory: Kube Descheduler Operator for Red Hat OpenShift 5.0.2 for RHEL 9

Vendor

Red Hat Product Security

Published

December 2, 2024

Last Modified

May 26, 2026

🔗 CVE IDs covered (3)

CVE-2024-24786 →CVE-2024-34155 →CVE-2024-34158 →

📋 Description

CVE-2024-24786 — golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON CVE-2024-34155 — go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion CVE-2024-34158 — go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

🔗 References (6)

selfhttps://access.redhat.com/errata/RHSA-2024:8704
externalhttps://access.redhat.com/security/updates/classification/#moderate
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2268046
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2310527
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2310529
selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8704.json