CVE-2024-45338

Public on 2024-12-18
Modified on 2025-02-10
Description
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Severity
Medium
CVSS v3 Base Score
5.9

Affected Packages

| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | amazon-cloudwatch-agent | 2025-02-26 | ALAS2-2025-2779 | Fixed |
| Amazon Linux 2023 | amazon-cloudwatch-agent | 2025-02-26 | ALAS2023-2025-880 | Fixed |
| Amazon Linux 2 - Docker Extra | amazon-ecr-credential-helper | | | Pending Fix |
| Amazon Linux 1 | containerd | | | No Fix Planned |
| Amazon Linux 2 - Docker Extra | containerd | | | Not Affected |
| Amazon Linux 2023 | containerd | | | Not Affected |
| Amazon Linux 2 - Core | cri-tools | | | Pending Fix |
| Amazon Linux 1 | docker | | | No Fix Planned |
| Amazon Linux 2 - Docker Extra | docker | | | Not Affected |
| Amazon Linux 2023 | docker | | | Not Affected |
| Amazon Linux 1 | ecs-init | | | No Fix Planned |
| Amazon Linux 2 - Ecs Extra | ecs-init | 2025-03-03 | ALAS2ECS-2025-049 | Fixed |
| Amazon Linux 2023 | ecs-init | 2025-02-26 | ALAS2023-2025-879 | Fixed |
| Amazon Linux 2 - Core | nerdctl | 2025-01-30 | ALAS2-2025-2749 | Fixed |
| Amazon Linux 2023 | nerdctl | 2025-01-30 | ALAS2023-2025-833 | Fixed |
| Amazon Linux 2 - Docker Extra | runfinch-finch | 2025-01-21 | ALAS2DOCKER-2025-048 | Fixed |
| Amazon Linux 2 - Docker Extra | runfinch-finch | 2025-01-31 | ALAS2DOCKER-2025-050 | Fixed |
| Amazon Linux 2023 | runfinch-finch | 2025-01-21 | ALAS2023-2025-816 | Fixed |
| Amazon Linux 2023 | runfinch-finch | 2025-01-30 | ALAS2023-2025-834 | Fixed |
| Amazon Linux 2 - Docker Extra | soci-snapshotter | 2025-02-12 | ALAS2DOCKER-2025-052 | Fixed |
| Amazon Linux 2023 | soci-snapshotter | 2025-02-12 | ALAS2023-2025-858 | Fixed |

CVSS Scores

| Score Type | Score | Vector |
|---|---|---|
| Amazon Linux CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |