scylladb / scylla-operator

The Kubernetes Operator for ScyllaDB
https://operator.docs.scylladb.com/
Apache License 2.0

[v1.12] CVE-2024-24788: A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. #1914

Closed rzetelskik closed 1 month ago

rzetelskik commented 1 month ago

https://prow.scylla-operator.scylladb.com/view/gs/scylla-operator-prow/logs/ci-scylla-operator-v1.12-govulncheck/1788146917901864960

Vulnerability #1: GO-2024-2824
    Malformed DNS message can cause infinite loop in net
  More info: https://pkg.go.dev/vuln/GO-2024-2824
  Standard library
    Found in: net@go1.21.9
    Fixed in: net@go1.21.10
    Example traces found:
      #1: pkg/thirdparty/github.com/onsi/ginkgo/v2/exposedinternal/parallel_support/rpc_client.go:31:39: parallel_support.rpcClient.Connect calls rpc.DialHTTPPath, which calls net.Dial
      #2: pkg/scyllaclient/client.go:451:24: scyllaclient.fixContentType calls http.Transport.RoundTrip, which eventually calls net.Dialer.Dial
      #3: test/e2e/set/scyllacluster/scyllacluster_shardawareness.go:91:24: scyllacluster.init calls net.Dialer.DialContext
      #4: pkg/cmd/operator/webhooks.go:217:29: operator.WebhookOptions.run calls net.Listen
      #5: pkg/util/cloud/gke.go:31:30: cloud.OnGKE calls net.LookupHost
      #6: test/e2e/utils/datainserter.go:188:64: utils.DataInserter.createSession calls gocql.ClusterConfig.CreateSession, which eventually calls net.LookupIP
      #7: test/e2e/set/scyllacluster/scyllacluster_shardawareness.go:80:40: scyllacluster.init calls net.ResolveTCPAddr
      #8: pkg/thirdparty/k8s.io/kubernetes/pkg/controller/controller_ref_manager.go:40:19: controller.BaseControllerRefManager.CanAdopt calls sync.Once.Do, which eventually calls net.Resolver.LookupHost
      #9: test/e2e/framework/framework.go:66:13: framework.NewFramework calls ginkgo.AfterEach, which eventually calls net.Resolver.LookupSRV
      #10: test/e2e/framework/framework.go:66:13: framework.NewFramework calls ginkgo.AfterEach, which eventually calls net.Resolver.LookupTXT

/kind feature /priority critical-urgent /assign
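The report above says the fix is a standard-library one ("Fixed in: net@go1.21.10"), so the remediation is a toolchain bump rather than a code change. As an added check that is not part of this issue or the scylla-operator repository, the POSIX shell snippet below reads the effective Go version from a go.mod fed on stdin (the `toolchain` directive when present, otherwise the `go` directive) and compares it against the fixed version. The sample go.mod is constructed for the example; the `FIXED_GO_VERSION` value comes from the govulncheck output.

```shell
#!/bin/sh
# Added example, not code from scylla-operator. Checks whether a go.mod pins a
# Go toolchain at or above the version that fixes GO-2024-2824 (CVE-2024-24788).
FIXED_GO_VERSION="1.21.10"   # "Fixed in: net@go1.21.10" from the govulncheck report

# Return 0 if the given Go version ("1.21.9" or "go1.21.9", pre-release
# suffixes ignored) is at or above FIXED_GO_VERSION, 1 otherwise.
go_version_is_fixed() {
  v=$(printf '%s' "$1" | sed 's/^go//; s/[^0-9.].*$//')
  IFS=. read -r vmaj vmin vpat <<EOF
$v
EOF
  IFS=. read -r fmaj fmin fpat <<EOF
$FIXED_GO_VERSION
EOF
  : "${vmaj:=0}" "${vmin:=0}" "${vpat:=0}"
  [ "$vmaj" -gt "$fmaj" ] && return 0
  [ "$vmaj" -lt "$fmaj" ] && return 1
  [ "$vmin" -gt "$fmin" ] && return 0
  [ "$vmin" -lt "$fmin" ] && return 1
  [ "$vpat" -ge "$fpat" ]
}

# Print the effective toolchain version from a go.mod read on stdin.
# A `toolchain go1.x.y` directive wins; otherwise the `go 1.x.y` directive is used.
gomod_go_version() {
  awk '$1=="toolchain" && t=="" {t=$2} $1=="go" && g=="" {g=$2} END {print (t!="" ? t : g)}'
}

# Convenience wrapper: exit status 0 when the go.mod on stdin is already fixed.
gomod_is_fixed() {
  go_version_is_fixed "$(gomod_go_version)"
}

# Constructed sample go.mod, pinned to the vulnerable version seen in the report.
if gomod_is_fixed <<'EOF'
module example.com/constructed

go 1.21.9
EOF
then
  echo "go.mod toolchain is at or above go$FIXED_GO_VERSION"
else
  echo "go.mod toolchain is below go$FIXED_GO_VERSION: bump the go/toolchain directive"
fi
```

Note that a go.mod `go` directive is only a minimum; what actually gets linked into the binaries is the Go installed in the build image, so the authoritative check in CI is still `go version` (or govulncheck itself, as the Prow job above runs it) rather than the go.mod alone.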

rzetelskik commented 1 month ago

Completed in #1915