x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-52529

[GoVulnBot]

Advisory CVE-2024-52529 references a vulnerability in the following Go modules:

Module
github.com/cilium/cilium

Description:
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range AND 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclus...

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-52529
• FIX: bpf: Policy map precedence by LPM prefix length cilium/cilium#35150
• WEB: GHSA-xg58-75qf-9r67

Cross references:

• github.com/cilium/cilium appears in 25 other report(s):
  • data/excluded/GO-2022-0530.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-wc5v-r48v-g4vh #530) NOT_GO_CODE
  • data/excluded/GO-2023-1642.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4hc4-pgfx-3mrx #1642) NOT_GO_CODE
  • data/reports/GO-2022-0393.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-c66w-hq56-4q97 #393)
  • data/reports/GO-2022-0457.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29178 #457)
  • data/reports/GO-2022-0458.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29179 #458)
  • data/reports/GO-2022-0959.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pfhr-pccp-hwmh #959)
  • data/reports/GO-2023-1643.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-8fg8-jh2h-f2hc #1643)
  • data/reports/GO-2023-1644.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-r5x6-w42p-jhpp #1644)
  • data/reports/GO-2023-1730.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-29002 #1730)
  • data/reports/GO-2023-1785.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-2h44-x2wx-49f4 #1785)
  • data/reports/GO-2023-1862.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-34242 #1862)
  • data/reports/GO-2023-2078.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-gj2r-phwg-6rww #2078)
  • data/reports/GO-2023-2079.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-24m5-r6hv-ccgp #2079)
  • data/reports/GO-2023-2080.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4xp2-w642-7mcx #2080)
  • data/reports/GO-2024-2568.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-25630 #2568)
  • data/reports/GO-2024-2569.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-25631 #2569)
  • data/reports/GO-2024-2653.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-68mj-9pjq-mc85 #2653)
  • data/reports/GO-2024-2656.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-j89h-qrvr-xc36 #2656)
  • data/reports/GO-2024-2657.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-v6q2-4qr3-5cw6 #2657)
  • data/reports/GO-2024-2666.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pwqm-x5x6-5586 #2666)
  • data/reports/GO-2024-2922.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-37307 #2922)
  • data/reports/GO-2024-3071.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-42487 #3071)
  • data/reports/GO-2024-3072.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-42488 #3072)
  • data/reports/GO-2024-3074.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-42486 #3074)
  • data/reports/GO-2024-3208.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-3wwx-63fv-pfq6 #3208)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/cilium/cilium
      vulnerable_at: 1.16.4
summary: CVE-2024-52529 in github.com/cilium/cilium
cves:
    - CVE-2024-52529
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-52529
    - fix: https://github.com/cilium/cilium/pull/35150
    - web: https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67
source:
    id: CVE-2024-52529
    created: 2024-11-25T20:01:20.791406445Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/632255 mentions this issue: data/reports: add 7 unreviewed reports