CVE & CISA-KEV Catalog

CVE-2024-29902

MEDIUM
4.2
CVSS v3
NVD

Description

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability.

How to fix

Remediation Available
advanced-cluster-security/rhacsRed Hat / RHEL
Fixed in:collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64RHSA-2024:4836
Fixed in:roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64RHSA-2024:4836
Fixed in:scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64RHSA-2024:4836
Fixed in:main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64RHSA-2024:4836
Fixed in:collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64leRHSA-2024:4836
Fixed in:main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64leRHSA-2024:4836
Fixed in:operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64leRHSA-2024:4836
Fixed in:rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64leRHSA-2024:4836
Fixed in:roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64leRHSA-2024:4836
Fixed in:scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64leRHSA-2024:4836
Fixed in:operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64RHSA-2024:4836
Fixed in:rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64RHSA-2024:4836
Fixed in:collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390xRHSA-2024:4836
Fixed in:main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390xRHSA-2024:4836
Fixed in:operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390xRHSA-2024:4836
Fixed in:rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390xRHSA-2024:4836
Fixed in:roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390xRHSA-2024:4836
Fixed in:scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390xRHSA-2024:4836
advanced-cluster-security/rhacsRocky
Fixed in:collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64leRHSA-2024:4836
Fixed in:rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390xRHSA-2024:4836
Fixed in:operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390xRHSA-2024:4836
Fixed in:collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64RHSA-2024:4836
Fixed in:main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64RHSA-2024:4836
Fixed in:operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64RHSA-2024:4836
Fixed in:rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64RHSA-2024:4836
Fixed in:roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64RHSA-2024:4836
Fixed in:scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64RHSA-2024:4836
Fixed in:main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390xRHSA-2024:4836
Fixed in:main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64leRHSA-2024:4836
Fixed in:operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64leRHSA-2024:4836
Fixed in:rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64leRHSA-2024:4836
Fixed in:roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64leRHSA-2024:4836
Fixed in:scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64leRHSA-2024:4836
Fixed in:collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390xRHSA-2024:4836
Fixed in:scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390xRHSA-2024:4836
Fixed in:roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390xRHSA-2024:4836
advanced-cluster-security/rhacs-centralRocky
Fixed in:db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64leRHSA-2024:4836
Fixed in:db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64RHSA-2024:4836
Fixed in:db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390xRHSA-2024:4836
advanced-cluster-security/rhacs-centralRed Hat / RHEL
Fixed in:db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64leRHSA-2024:4836
Fixed in:db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390xRHSA-2024:4836
Fixed in:db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64RHSA-2024:4836
advanced-cluster-security/rhacs-collectorRed Hat / RHEL
Fixed in:slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64leRHSA-2024:4836
Fixed in:slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64RHSA-2024:4836
Fixed in:slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390xRHSA-2024:4836
advanced-cluster-security/rhacs-collectorRocky
Fixed in:slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390xRHSA-2024:4836
Fixed in:slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64RHSA-2024:4836
Fixed in:slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64leRHSA-2024:4836
advanced-cluster-security/rhacs-scannerRed Hat / RHEL
Fixed in:v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64leRHSA-2024:4836
Fixed in:db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64RHSA-2024:4836
Fixed in:slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64RHSA-2024:4836
Fixed in:v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64RHSA-2024:4836
Fixed in:db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64leRHSA-2024:4836
Fixed in:slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64leRHSA-2024:4836
Fixed in:db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390xRHSA-2024:4836
Fixed in:slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390xRHSA-2024:4836
Fixed in:v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390xRHSA-2024:4836
advanced-cluster-security/rhacs-scannerRocky
Fixed in:db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64RHSA-2024:4836
Fixed in:slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64RHSA-2024:4836
Fixed in:v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64RHSA-2024:4836
Fixed in:db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64leRHSA-2024:4836
Fixed in:slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64leRHSA-2024:4836
Fixed in:v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64leRHSA-2024:4836
Fixed in:db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390xRHSA-2024:4836
Fixed in:slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390xRHSA-2024:4836
Fixed in:v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390xRHSA-2024:4836
advanced-cluster-security/rhacs-scanner-dbRocky
Fixed in:slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390xRHSA-2024:4836
Fixed in:slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64RHSA-2024:4836
Fixed in:slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64leRHSA-2024:4836
advanced-cluster-security/rhacs-scanner-dbRed Hat / RHEL
Fixed in:slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64RHSA-2024:4836
Fixed in:slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64leRHSA-2024:4836
Fixed in:slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390xRHSA-2024:4836
advanced-cluster-security/rhacs-scanner-v4Rocky
Fixed in:db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64RHSA-2024:4836
Fixed in:db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390xRHSA-2024:4836
Fixed in:db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64leRHSA-2024:4836
advanced-cluster-security/rhacs-scanner-v4Red Hat / RHEL
Fixed in:db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390xRHSA-2024:4836
Fixed in:db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64leRHSA-2024:4836
Fixed in:db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64RHSA-2024:4836
openshift-pipelines-clientRocky
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
openshift-pipelines-clientRed Hat / RHEL
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
openshift-pipelines-client-redistributableRocky
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
openshift-pipelines-client-redistributableRed Hat / RHEL
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022
Fixed in:0:1.15.0-11496.el8RHEA-2024:4022

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionRequired
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

Exploit Intelligence

0.66%probability of exploitation in 30 days
47thpercentile

Moderate risk: more likely to be exploited than 47% of all known CVEs.

References

Vendor Advisory1
Release Notes1

Related Vulnerabilities

Other CWE-770 (Allocation of Resources Without Limits or Throttling) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-50387High7.5100%-Fix
CVE-2019-11478Medium5.395%-Fix
CVE-2019-11479High7.592%-Fix
CVE-2024-27316High7.591%-Fix
CVE-2022-30522High7.590%-Fix
CVE-2019-9515High7.588%-Fix
Embed a live status badge for CVE-2024-29902
CVE-2024-29902 severity badge

Markdown

[![CVE-2024-29902](https://tridentstack.com/cve/badge/CVE-2024-29902.svg)](https://tridentstack.com/cve/CVE-2024-29902)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-29902"><img src="https://tridentstack.com/cve/badge/CVE-2024-29902.svg" alt="CVE-2024-29902"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-01-09.