CVE-2022-24685

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24685

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24685.json

Aliases

GHSA-3382-r9q8-4hfg

Published

2022-02-28T14:15:08Z

Modified

2023-11-29T09:30:29.036663Z

Details

HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.

References

https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
https://security.netapp.com/advisory/ntap-20220331-0007/
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/

Affected packages

Git / github.com/hashicorp/nomad

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/nomad
Events: Introduced

bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5

Fixed

95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f

Introduced

f99f1e27bb66bee36a1f3cdf00335e81e93ffff2

Affected versions

v1.*

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5