Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for crypto/tls by Go standard library

    CVE-2026-42505 (GCVE-0-2026-42505)

    Vulnerability from nvd – Published: 2026-07-08 15:46 – Updated: 2026-07-08 19:38
    VLAI
    Title
    Invoking Encrypted Client Hello privacy leak in crypto/tls
    Summary
    Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.25.12 (semver)
    Affected: 1.26.0-0 , < 1.26.5 (semver)
    Affected: 1.27.0-0 , < 1.27.0-rc.2 (semver)
    Create a notification for this product.
    Credits
    Coia Prant (github.com/rbqvq)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42505",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T18:03:53.821942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-201",
                    "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T19:38:17.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "clientHelloMsg.marshalMsg"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.HandleData"
                },
                {
                  "name": "QUICConn.SendSessionTicket"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.25.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.5",
                  "status": "affected",
                  "version": "1.26.0-0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.0-rc.2",
                  "status": "affected",
                  "version": "1.27.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Coia Prant (github.com/rbqvq)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T15:46:33.407Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/775960"
            },
            {
              "url": "https://go.dev/issue/79282"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/OrmQE_Yp5Sc"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-5856"
            }
          ],
          "title": "Invoking Encrypted Client Hello privacy leak in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-42505",
        "datePublished": "2026-07-08T15:46:33.407Z",
        "dateReserved": "2026-04-28T00:21:12.792Z",
        "dateUpdated": "2026-07-08T19:38:17.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32283 (GCVE-0-2026-32283)

    Vulnerability from nvd – Published: 2026-04-08 01:06 – Updated: 2026-07-09 12:10
    VLAI
    Title
    Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
    Summary
    If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-667 - Improper Locking
    • CWE-764 - Multiple Locks of a Critical Resource
    Assigner
    Go
    References
    URL Tags
    https://go.dev/cl/763767
    https://go.dev/issue/78334
    https://groups.google.com/g/golang-announce/c/0uY…
    https://pkg.go.dev/vuln/GO-2026-4870
    https://access.redhat.com/security/cve/CVE-2026-32283 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2456338 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:24762 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16101 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24761 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14391 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36796 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28047 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20569 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23103 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19715 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16024 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19550 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18032 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18027 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17084 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19719 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19750 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20570 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22713 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19714 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19450 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10217 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11712 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11881 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11863 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17075 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29195 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23102 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19133 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19139 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19134 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19136 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22937 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19144 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19135 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22450 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24470 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19156 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19132 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19126 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33722 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10704 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16875 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11507 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11514 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15980 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19634 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16102 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34192 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34196 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34197 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19721 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20607 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20608 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19722 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16021 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20556 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19839 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28038 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19720 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22709 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17287 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24337 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20609 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14200 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10219 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11711 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11704 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29455 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29703 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19350 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19352 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19351 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23228 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19353 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22714 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26447 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19369 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26636 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22423 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22347 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21769 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23345 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7385 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7291 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22485 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14162 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.25.9 (semver)
    Affected: 1.26.0-0 , < 1.26.2 (semver)
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 10     cpe:/a:redhat:ansible_automation_platform:2.6::el10
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 8     cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    Create a notification for this product.
    Red Hat Cryostat 4 on RHEL 9     cpe:/a:redhat:cryostat:4::el9
    Create a notification for this product.
    Red Hat RHEM 1.0 for RHEL 9     cpe:/a:redhat:edge_manager:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9     cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.19 for RHEL 9     cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Custom Metric Autoscaler 2.19     cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.3.4     cpe:/a:redhat:multicluster_globalhub:1.3::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.4.5     cpe:/a:redhat:multicluster_globalhub:1.4::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.5.4     cpe:/a:redhat:multicluster_globalhub:1.5::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.6.2     cpe:/a:redhat:multicluster_globalhub:1.6::el9
    Create a notification for this product.
    Red Hat OpenShift Compliance Operator 1     cpe:/a:redhat:openshift_compliance_operator:1::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Lightspeed (formerly Insights) for Runtimes 1     cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift distributed tracing 3.9.3     cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
    Create a notification for this product.
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Create a notification for this product.
    Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
    Create a notification for this product.
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Create a notification for this product.
    Red Hat Confidential Compute Attestation     cpe:/a:redhat:confidential_compute_attestation:1
    Create a notification for this product.
    Red Hat Deployment Validation Operator     cpe:/a:redhat:deployment_validator_operator
    Create a notification for this product.
    Red Hat External Secrets Operator for Red Hat OpenShift     cpe:/a:redhat:external_secrets_operator:1
    Create a notification for this product.
    Red Hat ExternalDNS Operator     cpe:/a:redhat:ext_dns_optr:1
    Create a notification for this product.
    Red Hat Fence Agents Remediation Operator     cpe:/a:redhat:workload_availability_far:0
    Create a notification for this product.
    Red Hat File Integrity Operator     cpe:/a:redhat:openshift_file_integrity_operator:1
    Create a notification for this product.
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:5
    Create a notification for this product.
    Red Hat Logical Volume Manager Storage     cpe:/a:redhat:lvms:4
    Create a notification for this product.
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Create a notification for this product.
    Red Hat Migration Toolkit for Containers     cpe:/a:redhat:rhmt:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift 2     cpe:/a:redhat:mirror_registry:2
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat Network Observability Operator     cpe:/a:redhat:network_observ_optr:1
    Create a notification for this product.
    Red Hat Node HealthCheck Operator     cpe:/a:redhat:workload_availability_nhc:0
    Create a notification for this product.
    Red Hat OpenShift API for Data Protection     cpe:/a:redhat:openshift_api_data_protection:1
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Power monitoring for Red Hat OpenShift     cpe:/a:redhat:openshift_power_monitoring
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server     cpe:/a:redhat:ai_inference_server:3
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Create a notification for this product.
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Create a notification for this product.
    Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
    Create a notification for this product.
    Red Hat Red Hat Edge Manager 1     cpe:/a:redhat:edge_manager:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Create a notification for this product.
    Red Hat Red Hat JBoss Web Server 6     cpe:/a:redhat:jboss_enterprise_web_server:6
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Cluster Manager CLI     cpe:/a:redhat:openshift_cluster_manager_cli:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Workspaces Operator     cpe:/a:redhat:devworkspace
    Create a notification for this product.
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift on AWS     cpe:/a:redhat:openshift_service_on_aws:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Create a notification for this product.
    Red Hat Red Hat Web Terminal     cpe:/a:redhat:webterminal:1
    Create a notification for this product.
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Create a notification for this product.
    Red Hat Service Telemetry Framework 1.5     cpe:/a:redhat:stf:1.5
    Create a notification for this product.
    Red Hat streams for Apache Kafka 3     cpe:/a:redhat:amq_streams:3
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 2     cpe:/a:redhat:service_interconnect:2
    Create a notification for this product.
    Credits
    Jakub Ciolek - https://ciolek.dev/
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:51:46.207289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:19:55.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                  "cpe:/a:redhat:satellite_utils:6.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4 on RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "RHEM 1.0 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1",
                  "cpe:/a:redhat:openstack:17.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                  "cpe:/a:redhat:satellite_utils:6.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.19::el9",
                  "cpe:/a:redhat:satellite_capsule:6.19::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                  "cpe:/a:redhat:satellite_utils:6.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.19 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Custom Metric Autoscaler 2.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.4.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.5.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.6.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_compliance_operator:1::el9"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Compliance Operator 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift distributed tracing 3.9.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "affected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1"
                ],
                "defaultStatus": "affected",
                "product": "Builds for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:confidential_compute_attestation:1"
                ],
                "defaultStatus": "affected",
                "product": "Confidential Compute Attestation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:deployment_validator_operator"
                ],
                "defaultStatus": "affected",
                "product": "Deployment Validation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ext_dns_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "ExternalDNS Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_far:0"
                ],
                "defaultStatus": "affected",
                "product": "Fence Agents Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_file_integrity_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "File Integrity Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "affected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:5"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "affected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "affected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhmt:1"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:1"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "Network Observability Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_nhc:0"
                ],
                "defaultStatus": "affected",
                "product": "Node HealthCheck Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ocp_tools"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Developer Tools and Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_power_monitoring"
                ],
                "defaultStatus": "affected",
                "product": "Power monitoring for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_broker:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AMQ Broker 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_hawtio:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apache Camel - HawtIO 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apicurio Registry 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:certifications:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:connectivity_link:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Connectivity Link 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_web_server:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Web Server 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_cluster_manager_cli:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Cluster Manager CLI",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Workspaces Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_service_on_aws:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift on AWS",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:stf:1.5"
                ],
                "defaultStatus": "affected",
                "product": "Service Telemetry Framework 1.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_streams:3"
                ],
                "defaultStatus": "affected",
                "product": "streams for Apache Kafka 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-08T01:06:57.670Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS)."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-764",
                    "description": "Multiple Locks of a Critical Resource",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:10:01.972Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-32283"
              },
              {
                "name": "RHBZ#2456338",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32283.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24762"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16101"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24761"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14391"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36796"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28047"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34365"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20569"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23103"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19715"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16024"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19550"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18032"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18027"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17084"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19719"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19750"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20570"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22713"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19714"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20571"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19450"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10217"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11712"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11881"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11863"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17075"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29195"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23102"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19133"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19139"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19134"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19136"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22937"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19144"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19135"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22450"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24470"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19156"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19132"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29035"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19126"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33722"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10704"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16875"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11507"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11514"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15980"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19634"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16102"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34192"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34196"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34197"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19721"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20607"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20608"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19722"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16021"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20556"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19839"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28038"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19720"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22709"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17287"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24337"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20609"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14200"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10219"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11711"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11704"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29455"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29703"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19350"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19352"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19351"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23228"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19353"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22714"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26447"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19369"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26636"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22423"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22347"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21769"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23345"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26571"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7385"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7291"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22485"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14162"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16101: Red Hat Enterprise Linux Server (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14391: Cryostat 4 on RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23103: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16024: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19550: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18032: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18027: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19750: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20570: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22713: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19714: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20571: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19450: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10217: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11712: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11881: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11863: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17075: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29195: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23102: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19133: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19139: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19137: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19134: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19136: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19144: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19156: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19132: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29035: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19126: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33722: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10704: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16875: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11507: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11514: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15980: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16102: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34192: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34196: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34197: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20608: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19722: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16021: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20556: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19839: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22709: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24337: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14200: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10219: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11711: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11704: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29703: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19350: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19352: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19351: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26447: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19369: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28074: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26571: OpenShift Compliance Operator 1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7385: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7291: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14162: Red Hat OpenShift distributed tracing 3.9.3"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-08T02:01:16.213Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-08T01:06:57.670Z",
                "value": "Made public."
              }
            ],
            "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "Conn.handleKeyUpdate"
                },
                {
                  "name": "clientHandshakeStateTLS13.establishHandshakeKeys"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerParameters"
                },
                {
                  "name": "serverHandshakeStateTLS13.readClientFinished"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.HandleData"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.25.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.2",
                  "status": "affected",
                  "version": "1.26.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jakub Ciolek - https://ciolek.dev/"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-667: Improper Locking",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T01:06:57.670Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/763767"
            },
            {
              "url": "https://go.dev/issue/78334"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4870"
            }
          ],
          "title": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-32283",
        "datePublished": "2026-04-08T01:06:57.670Z",
        "dateReserved": "2026-03-11T16:38:46.556Z",
        "dateUpdated": "2026-07-09T12:10:01.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68121 (GCVE-0-2025-68121)

    Vulnerability from nvd – Published: 2026-02-05 17:48 – Updated: 2026-04-29 13:29
    VLAI
    Title
    Unexpected session resumption in crypto/tls
    Summary
    During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.24.13 (semver)
    Affected: 1.25.0-0 , < 1.25.7 (semver)
    Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver)
    Create a notification for this product.
    Credits
    Coia Prant (github.com/rbqvq) Go Security Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T03:55:46.305385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T13:29:25.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "Conn.handshakeContext"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.24.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.7",
                  "status": "affected",
                  "version": "1.25.0-0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.0-rc.3",
                  "status": "affected",
                  "version": "1.26.0-rc.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Coia Prant (github.com/rbqvq)"
            },
            {
              "lang": "en",
              "value": "Go Security Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T17:48:44.141Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
            },
            {
              "url": "https://go.dev/cl/737700"
            },
            {
              "url": "https://go.dev/issue/77217"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4337"
            }
          ],
          "title": "Unexpected session resumption in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2025-68121",
        "datePublished": "2026-02-05T17:48:44.141Z",
        "dateReserved": "2025-12-15T16:48:04.451Z",
        "dateUpdated": "2026-04-29T13:29:25.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-61730 (GCVE-0-2025-61730)

    Vulnerability from nvd – Published: 2026-01-28 19:30 – Updated: 2026-02-02 17:28
    VLAI
    Title
    Handshake messages may be processed at the incorrect encryption level in crypto/tls
    Summary
    During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-940 - Improper Verification of Source of a Communication Channel
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.24.12 (semver)
    Affected: 1.25.0 , < 1.25.6 (semver)
    Create a notification for this product.
    Credits
    Coia Prant (github.com/rbqvq)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-61730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-02T17:28:46.305649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-02T17:28:49.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "Conn.handleKeyUpdate"
                },
                {
                  "name": "Conn.handshakeContext"
                },
                {
                  "name": "clientHandshakeStateTLS13.establishHandshakeKeys"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerFinished"
                },
                {
                  "name": "clientHandshakeStateTLS13.sendClientFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.checkForResumption"
                },
                {
                  "name": "serverHandshakeStateTLS13.doHelloRetryRequest"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerParameters"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.readClientFinished"
                },
                {
                  "name": "Conn.quicSetReadSecret"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.HandleData"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.24.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.6",
                  "status": "affected",
                  "version": "1.25.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Coia Prant (github.com/rbqvq)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-940: Improper Verification of Source of a Communication Channel",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T19:30:30.986Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/724120"
            },
            {
              "url": "https://go.dev/issue/76443"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4340"
            }
          ],
          "title": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2025-61730",
        "datePublished": "2026-01-28T19:30:30.986Z",
        "dateReserved": "2025-09-30T15:05:03.605Z",
        "dateUpdated": "2026-02-02T17:28:49.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58189 (GCVE-0-2025-58189)

    Vulnerability from nvd – Published: 2025-10-29 22:10 – Updated: 2025-11-04 21:13
    VLAI
    Title
    ALPN negotiation error contains attacker controlled information in crypto/tls
    Summary
    When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.24.8 (semver)
    Affected: 1.25.0 , < 1.25.2 (semver)
    Create a notification for this product.
    Credits
    National Cyber Security Centre Finland
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T19:50:48.668117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:51:22.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:13:39.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/10/08/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "negotiateALPN"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.24.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.2",
                  "status": "affected",
                  "version": "1.25.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "National Cyber Security Centre Finland"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-117: Improper Output Neutralization for Logs",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T22:10:12.947Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/707776"
            },
            {
              "url": "https://go.dev/issue/75652"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2025-4008"
            }
          ],
          "title": "ALPN negotiation error contains attacker controlled information in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2025-58189",
        "datePublished": "2025-10-29T22:10:12.947Z",
        "dateReserved": "2025-08-27T14:50:58.692Z",
        "dateUpdated": "2025-11-04T21:13:39.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-45287 (GCVE-0-2023-45287)

    Vulnerability from nvd – Published: 2023-12-05 16:18 – Updated: 2025-02-13 17:14
    VLAI
    Title
    Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
    Summary
    Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
    Severity
    No CVSS data available.
    CWE
    • CWE-208 - Observable Timing Discrepancy
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.20.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:15.309Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/20654"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/326012/26"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://people.redhat.com/~hkario/marvin/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2375"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240112-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "rsaKeyAgreement.processClientKeyExchange"
                },
                {
                  "name": "rsaKeyAgreement.generateClientKeyExchange"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-208: Observable Timing Discrepancy",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-12T14:06:27.569Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/20654"
            },
            {
              "url": "https://go.dev/cl/326012/26"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA"
            },
            {
              "url": "https://people.redhat.com/~hkario/marvin/"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2375"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240112-0005/"
            }
          ],
          "title": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-45287",
        "datePublished": "2023-12-05T16:18:06.104Z",
        "dateReserved": "2023-10-06T17:06:26.221Z",
        "dateUpdated": "2025-02-13T17:14:00.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39322 (GCVE-0-2023-39322)

    Vulnerability from nvd – Published: 2023-09-08 16:13 – Updated: 2025-02-13 17:02
    VLAI
    Title
    Memory exhaustion in QUIC connection handling in crypto/tls
    Summary
    QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 1.21.0-0 , < 1.21.1 (semver)
    Create a notification for this product.
    go_standard_library crypto_tls Affected: 1.21.0-0 , < 1.21.1 (semver)
        cpe:2.3:a:go_standard_library:crypto_tls:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Marten Seemann
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:07.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/62266"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/523039"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2045"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:go_standard_library:crypto_tls:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crypto_tls",
                "vendor": "go_standard_library",
                "versions": [
                  {
                    "lessThan": "1.21.1",
                    "status": "affected",
                    "version": "1.21.0-0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39322",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T15:53:33.932737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T15:56:13.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "QUICConn.HandleData"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.21.1",
                  "status": "affected",
                  "version": "1.21.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marten Seemann"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-25T11:09:57.257Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/62266"
            },
            {
              "url": "https://go.dev/cl/523039"
            },
            {
              "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2045"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            }
          ],
          "title": "Memory exhaustion in QUIC connection handling in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-39322",
        "datePublished": "2023-09-08T16:13:32.795Z",
        "dateReserved": "2023-07-27T17:05:55.187Z",
        "dateUpdated": "2025-02-13T17:02:49.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39321 (GCVE-0-2023-39321)

    Vulnerability from nvd – Published: 2023-09-08 16:13 – Updated: 2025-02-13 17:02
    VLAI
    Title
    Panic when processing post-handshake message on QUIC connections in crypto/tls
    Summary
    Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 1.21.0-0 , < 1.21.1 (semver)
    Create a notification for this product.
    Credits
    Marten Seemann
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.893Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/62266"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/523039"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2044"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39321",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T17:23:57.925389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T17:25:25.677Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "QUICConn.HandleData"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.21.1",
                  "status": "affected",
                  "version": "1.21.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marten Seemann"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Processing an incomplete post-handshake message for a QUIC connection can cause a panic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-25T11:09:32.105Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/62266"
            },
            {
              "url": "https://go.dev/cl/523039"
            },
            {
              "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2044"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            }
          ],
          "title": "Panic when processing post-handshake message on QUIC connections in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-39321",
        "datePublished": "2023-09-08T16:13:30.386Z",
        "dateReserved": "2023-07-27T17:05:55.187Z",
        "dateUpdated": "2025-02-13T17:02:48.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29409 (GCVE-0-2023-29409)

    Vulnerability from nvd – Published: 2023-08-02 19:47 – Updated: 2025-02-13 16:49
    VLAI
    Title
    Large RSA keys can cause high CPU usage in crypto/tls
    Summary
    Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.19.12 (semver)
    Affected: 1.20.0-0 , < 1.20.7 (semver)
    Affected: 1.21.0-0 , < 1.21.0-rc.4 (semver)
    Create a notification for this product.
    Credits
    Mateusz Poliwczak
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:07:46.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/61460"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/515257"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-1987"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230831-0010/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29409",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T14:15:51.334084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T14:16:01.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "Conn.verifyServerCertificate"
                },
                {
                  "name": "Conn.processCertsFromClient"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.19.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.7",
                  "status": "affected",
                  "version": "1.20.0-0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.21.0-rc.4",
                  "status": "affected",
                  "version": "1.21.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mateusz Poliwczak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-25T11:09:25.696Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/61460"
            },
            {
              "url": "https://go.dev/cl/515257"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-1987"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230831-0010/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            }
          ],
          "title": "Large RSA keys can cause high CPU usage in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-29409",
        "datePublished": "2023-08-02T19:47:23.829Z",
        "dateReserved": "2023-04-05T19:36:35.043Z",
        "dateUpdated": "2025-02-13T16:49:16.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41724 (GCVE-0-2022-41724)

    Vulnerability from nvd – Published: 2023-02-28 17:19 – Updated: 2025-03-07 17:57
    VLAI
    Title
    Panic on large handshake records in crypto/tls
    Summary
    Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.19.6 (semver)
    Affected: 1.20.0-0 , < 1.20.1 (semver)
    Create a notification for this product.
    Credits
    Marten Seemann
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:49:43.929Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/58001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/468125"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-1570"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41724",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-07T17:56:50.422222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-07T17:57:05.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "handshakeMessage.marshal"
                },
                {
                  "name": "Conn.writeRecord"
                },
                {
                  "name": "Conn.readHandshake"
                },
                {
                  "name": "Conn.handleRenegotiation"
                },
                {
                  "name": "Conn.handlePostHandshakeMessage"
                },
                {
                  "name": "Conn.handleKeyUpdate"
                },
                {
                  "name": "Conn.clientHandshake"
                },
                {
                  "name": "Conn.loadSession"
                },
                {
                  "name": "clientHandshakeState.handshake"
                },
                {
                  "name": "clientHandshakeState.doFullHandshake"
                },
                {
                  "name": "clientHandshakeState.readFinished"
                },
                {
                  "name": "clientHandshakeState.readSessionTicket"
                },
                {
                  "name": "clientHandshakeState.sendFinished"
                },
                {
                  "name": "clientHandshakeStateTLS13.handshake"
                },
                {
                  "name": "clientHandshakeStateTLS13.sendDummyChangeCipherSpec"
                },
                {
                  "name": "clientHandshakeStateTLS13.processHelloRetryRequest"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerParameters"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerCertificate"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerFinished"
                },
                {
                  "name": "clientHandshakeStateTLS13.sendClientCertificate"
                },
                {
                  "name": "clientHandshakeStateTLS13.sendClientFinished"
                },
                {
                  "name": "clientHelloMsg.marshal"
                },
                {
                  "name": "clientHelloMsg.marshalWithoutBinders"
                },
                {
                  "name": "clientHelloMsg.updateBinders"
                },
                {
                  "name": "serverHelloMsg.marshal"
                },
                {
                  "name": "encryptedExtensionsMsg.marshal"
                },
                {
                  "name": "endOfEarlyDataMsg.marshal"
                },
                {
                  "name": "keyUpdateMsg.marshal"
                },
                {
                  "name": "newSessionTicketMsgTLS13.marshal"
                },
                {
                  "name": "certificateRequestMsgTLS13.marshal"
                },
                {
                  "name": "certificateMsg.marshal"
                },
                {
                  "name": "certificateMsgTLS13.marshal"
                },
                {
                  "name": "serverKeyExchangeMsg.marshal"
                },
                {
                  "name": "certificateStatusMsg.marshal"
                },
                {
                  "name": "serverHelloDoneMsg.marshal"
                },
                {
                  "name": "clientKeyExchangeMsg.marshal"
                },
                {
                  "name": "finishedMsg.marshal"
                },
                {
                  "name": "certificateRequestMsg.marshal"
                },
                {
                  "name": "certificateVerifyMsg.marshal"
                },
                {
                  "name": "newSessionTicketMsg.marshal"
                },
                {
                  "name": "helloRequestMsg.marshal"
                },
                {
                  "name": "Conn.readClientHello"
                },
                {
                  "name": "serverHandshakeState.doResumeHandshake"
                },
                {
                  "name": "serverHandshakeState.doFullHandshake"
                },
                {
                  "name": "serverHandshakeState.readFinished"
                },
                {
                  "name": "serverHandshakeState.sendSessionTicket"
                },
                {
                  "name": "serverHandshakeState.sendFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.checkForResumption"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendDummyChangeCipherSpec"
                },
                {
                  "name": "serverHandshakeStateTLS13.doHelloRetryRequest"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerParameters"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerCertificate"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendSessionTickets"
                },
                {
                  "name": "serverHandshakeStateTLS13.readClientCertificate"
                },
                {
                  "name": "serverHandshakeStateTLS13.readClientFinished"
                },
                {
                  "name": "cipherSuiteTLS13.expandLabel"
                },
                {
                  "name": "sessionState.marshal"
                },
                {
                  "name": "sessionStateTLS13.marshal"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "ConnectionState.ExportKeyingMaterial"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.19.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.20.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marten Seemann"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-25T11:09:30.560Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/58001"
            },
            {
              "url": "https://go.dev/cl/468125"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-1570"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            }
          ],
          "title": "Panic on large handshake records in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2022-41724",
        "datePublished": "2023-02-28T17:19:44.420Z",
        "dateReserved": "2022-09-28T17:00:06.611Z",
        "dateUpdated": "2025-03-07T17:57:05.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30629 (GCVE-0-2022-30629)

    Vulnerability from nvd – Published: 2022-08-09 20:17 – Updated: 2026-03-06 19:12
    VLAI
    Title
    Session tickets lack random ticket_age_add in crypto/tls
    Summary
    Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.17.11 (semver)
    Affected: 1.18.0-0 , < 1.18.3 (semver)
    Create a notification for this product.
    Credits
    Github user @nervuri
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:13.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/405994"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/52814"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2022-0531"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.1,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-30629",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T20:38:04.620332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:12:16.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "serverHandshakeStateTLS13.sendSessionTickets"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.17.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.3",
                  "status": "affected",
                  "version": "1.18.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Github user @nervuri"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200: Information Exposure",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:04:50.302Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/405994"
            },
            {
              "url": "https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5"
            },
            {
              "url": "https://go.dev/issue/52814"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2022-0531"
            }
          ],
          "title": "Session tickets lack random ticket_age_add in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2022-30629",
        "datePublished": "2022-08-09T20:17:31.000Z",
        "dateReserved": "2022-05-12T00:00:00.000Z",
        "dateUpdated": "2026-03-06T19:12:16.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42505 (GCVE-0-2026-42505)

    Vulnerability from cvelistv5 – Published: 2026-07-08 15:46 – Updated: 2026-07-08 19:38
    VLAI
    Title
    Invoking Encrypted Client Hello privacy leak in crypto/tls
    Summary
    Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.25.12 (semver)
    Affected: 1.26.0-0 , < 1.26.5 (semver)
    Affected: 1.27.0-0 , < 1.27.0-rc.2 (semver)
    Create a notification for this product.
    Credits
    Coia Prant (github.com/rbqvq)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42505",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T18:03:53.821942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-201",
                    "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T19:38:17.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "clientHelloMsg.marshalMsg"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.HandleData"
                },
                {
                  "name": "QUICConn.SendSessionTicket"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.25.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.5",
                  "status": "affected",
                  "version": "1.26.0-0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.0-rc.2",
                  "status": "affected",
                  "version": "1.27.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Coia Prant (github.com/rbqvq)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T15:46:33.407Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/775960"
            },
            {
              "url": "https://go.dev/issue/79282"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/OrmQE_Yp5Sc"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-5856"
            }
          ],
          "title": "Invoking Encrypted Client Hello privacy leak in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-42505",
        "datePublished": "2026-07-08T15:46:33.407Z",
        "dateReserved": "2026-04-28T00:21:12.792Z",
        "dateUpdated": "2026-07-08T19:38:17.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32283 (GCVE-0-2026-32283)

    Vulnerability from cvelistv5 – Published: 2026-04-08 01:06 – Updated: 2026-07-09 12:10
    VLAI
    Title
    Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
    Summary
    If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-667 - Improper Locking
    • CWE-764 - Multiple Locks of a Critical Resource
    Assigner
    Go
    References
    URL Tags
    https://go.dev/cl/763767
    https://go.dev/issue/78334
    https://groups.google.com/g/golang-announce/c/0uY…
    https://pkg.go.dev/vuln/GO-2026-4870
    https://access.redhat.com/security/cve/CVE-2026-32283 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2456338 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:24762 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16101 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24761 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14391 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36796 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28047 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20569 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23103 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19715 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16024 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19550 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18032 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18027 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17084 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19719 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19750 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20570 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22713 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19714 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19450 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10217 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11712 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11881 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11863 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17075 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29195 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23102 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19133 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19139 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19134 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19136 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22937 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19144 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19135 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22450 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24470 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19156 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19132 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19126 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33722 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10704 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16875 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11507 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11514 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15980 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19634 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16102 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34192 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34196 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34197 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19721 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20607 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20608 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19722 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16021 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20556 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19839 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28038 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19720 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22709 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17287 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24337 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20609 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14200 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10219 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11711 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11704 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29455 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29703 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19350 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19352 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19351 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23228 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19353 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22714 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26447 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19369 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:28074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26636 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22423 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22347 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21769 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23345 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7385 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7291 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22485 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14162 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.25.9 (semver)
    Affected: 1.26.0-0 , < 1.26.2 (semver)
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 10     cpe:/a:redhat:ansible_automation_platform:2.6::el10
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 8     cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    Create a notification for this product.
    Red Hat Cryostat 4 on RHEL 9     cpe:/a:redhat:cryostat:4::el9
    Create a notification for this product.
    Red Hat RHEM 1.0 for RHEL 9     cpe:/a:redhat:edge_manager:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9     cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.19 for RHEL 9     cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Custom Metric Autoscaler 2.19     cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.3.4     cpe:/a:redhat:multicluster_globalhub:1.3::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.4.5     cpe:/a:redhat:multicluster_globalhub:1.4::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.5.4     cpe:/a:redhat:multicluster_globalhub:1.5::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.6.2     cpe:/a:redhat:multicluster_globalhub:1.6::el9
    Create a notification for this product.
    Red Hat OpenShift Compliance Operator 1     cpe:/a:redhat:openshift_compliance_operator:1::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Lightspeed (formerly Insights) for Runtimes 1     cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift distributed tracing 3.9.3     cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
    Create a notification for this product.
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Create a notification for this product.
    Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
    Create a notification for this product.
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Create a notification for this product.
    Red Hat Confidential Compute Attestation     cpe:/a:redhat:confidential_compute_attestation:1
    Create a notification for this product.
    Red Hat Deployment Validation Operator     cpe:/a:redhat:deployment_validator_operator
    Create a notification for this product.
    Red Hat External Secrets Operator for Red Hat OpenShift     cpe:/a:redhat:external_secrets_operator:1
    Create a notification for this product.
    Red Hat ExternalDNS Operator     cpe:/a:redhat:ext_dns_optr:1
    Create a notification for this product.
    Red Hat Fence Agents Remediation Operator     cpe:/a:redhat:workload_availability_far:0
    Create a notification for this product.
    Red Hat File Integrity Operator     cpe:/a:redhat:openshift_file_integrity_operator:1
    Create a notification for this product.
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:5
    Create a notification for this product.
    Red Hat Logical Volume Manager Storage     cpe:/a:redhat:lvms:4
    Create a notification for this product.
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Create a notification for this product.
    Red Hat Migration Toolkit for Containers     cpe:/a:redhat:rhmt:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift 2     cpe:/a:redhat:mirror_registry:2
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat Network Observability Operator     cpe:/a:redhat:network_observ_optr:1
    Create a notification for this product.
    Red Hat Node HealthCheck Operator     cpe:/a:redhat:workload_availability_nhc:0
    Create a notification for this product.
    Red Hat OpenShift API for Data Protection     cpe:/a:redhat:openshift_api_data_protection:1
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Power monitoring for Red Hat OpenShift     cpe:/a:redhat:openshift_power_monitoring
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server     cpe:/a:redhat:ai_inference_server:3
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Create a notification for this product.
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Create a notification for this product.
    Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
    Create a notification for this product.
    Red Hat Red Hat Edge Manager 1     cpe:/a:redhat:edge_manager:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Create a notification for this product.
    Red Hat Red Hat JBoss Web Server 6     cpe:/a:redhat:jboss_enterprise_web_server:6
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Cluster Manager CLI     cpe:/a:redhat:openshift_cluster_manager_cli:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Workspaces Operator     cpe:/a:redhat:devworkspace
    Create a notification for this product.
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift on AWS     cpe:/a:redhat:openshift_service_on_aws:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Create a notification for this product.
    Red Hat Red Hat Web Terminal     cpe:/a:redhat:webterminal:1
    Create a notification for this product.
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Create a notification for this product.
    Red Hat Service Telemetry Framework 1.5     cpe:/a:redhat:stf:1.5
    Create a notification for this product.
    Red Hat streams for Apache Kafka 3     cpe:/a:redhat:amq_streams:3
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 2     cpe:/a:redhat:service_interconnect:2
    Create a notification for this product.
    Credits
    Jakub Ciolek - https://ciolek.dev/
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:51:46.207289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:19:55.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                  "cpe:/a:redhat:satellite_utils:6.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                  "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4 on RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "RHEM 1.0 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1",
                  "cpe:/a:redhat:openstack:17.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                  "cpe:/a:redhat:satellite_utils:6.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.19::el9",
                  "cpe:/a:redhat:satellite_capsule:6.19::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                  "cpe:/a:redhat:satellite_utils:6.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.19 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Custom Metric Autoscaler 2.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.4.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.5.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.6.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_compliance_operator:1::el9"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Compliance Operator 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift distributed tracing 3.9.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "affected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1"
                ],
                "defaultStatus": "affected",
                "product": "Builds for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:confidential_compute_attestation:1"
                ],
                "defaultStatus": "affected",
                "product": "Confidential Compute Attestation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:deployment_validator_operator"
                ],
                "defaultStatus": "affected",
                "product": "Deployment Validation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ext_dns_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "ExternalDNS Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_far:0"
                ],
                "defaultStatus": "affected",
                "product": "Fence Agents Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_file_integrity_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "File Integrity Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "affected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:5"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "affected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "affected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhmt:1"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:1"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "Network Observability Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_nhc:0"
                ],
                "defaultStatus": "affected",
                "product": "Node HealthCheck Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ocp_tools"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Developer Tools and Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_power_monitoring"
                ],
                "defaultStatus": "affected",
                "product": "Power monitoring for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_broker:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AMQ Broker 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_hawtio:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apache Camel - HawtIO 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apicurio Registry 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:certifications:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:connectivity_link:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Connectivity Link 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_web_server:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Web Server 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_cluster_manager_cli:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Cluster Manager CLI",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Workspaces Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_service_on_aws:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift on AWS",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:stf:1.5"
                ],
                "defaultStatus": "affected",
                "product": "Service Telemetry Framework 1.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_streams:3"
                ],
                "defaultStatus": "affected",
                "product": "streams for Apache Kafka 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-08T01:06:57.670Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS)."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-764",
                    "description": "Multiple Locks of a Critical Resource",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:10:01.972Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-32283"
              },
              {
                "name": "RHBZ#2456338",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32283.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24762"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16101"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24761"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14391"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36796"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28047"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34365"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20569"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23103"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19715"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16024"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19550"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18032"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18027"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17084"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19719"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19750"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20570"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22713"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19714"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20571"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19450"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10217"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11712"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11881"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11863"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17075"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29195"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23102"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19133"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19139"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19134"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19136"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22937"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19144"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19135"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22450"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24470"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19156"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19132"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29035"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19126"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33722"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10704"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16875"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11507"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11514"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15980"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19634"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16102"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34192"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34196"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34197"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19721"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20607"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20608"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19722"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16021"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20556"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19839"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28038"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19720"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22709"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17287"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24337"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20609"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14200"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10219"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11711"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11704"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29455"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29703"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19350"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19352"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19351"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23228"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19353"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22714"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26447"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19369"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26636"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22423"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22347"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21769"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23345"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26571"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7385"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7291"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22485"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14162"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16101: Red Hat Enterprise Linux Server (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14391: Cryostat 4 on RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23103: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16024: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19550: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18032: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18027: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19750: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20570: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22713: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19714: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20571: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19450: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10217: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11712: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11881: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11863: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17075: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29195: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23102: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19133: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19139: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19137: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19134: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19136: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19144: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19156: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19132: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29035: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19126: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33722: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10704: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16875: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11507: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11514: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15980: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16102: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34192: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34196: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34197: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20608: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19722: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16021: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20556: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19839: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22709: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24337: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14200: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10219: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11711: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11704: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29703: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19350: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19352: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19351: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26447: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19369: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28074: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26571: OpenShift Compliance Operator 1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7385: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7291: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14162: Red Hat OpenShift distributed tracing 3.9.3"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-08T02:01:16.213Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-08T01:06:57.670Z",
                "value": "Made public."
              }
            ],
            "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "Conn.handleKeyUpdate"
                },
                {
                  "name": "clientHandshakeStateTLS13.establishHandshakeKeys"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerParameters"
                },
                {
                  "name": "serverHandshakeStateTLS13.readClientFinished"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.HandleData"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.25.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.2",
                  "status": "affected",
                  "version": "1.26.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jakub Ciolek - https://ciolek.dev/"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-667: Improper Locking",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T01:06:57.670Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/763767"
            },
            {
              "url": "https://go.dev/issue/78334"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4870"
            }
          ],
          "title": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-32283",
        "datePublished": "2026-04-08T01:06:57.670Z",
        "dateReserved": "2026-03-11T16:38:46.556Z",
        "dateUpdated": "2026-07-09T12:10:01.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68121 (GCVE-0-2025-68121)

    Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-04-29 13:29
    VLAI
    Title
    Unexpected session resumption in crypto/tls
    Summary
    During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.24.13 (semver)
    Affected: 1.25.0-0 , < 1.25.7 (semver)
    Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver)
    Create a notification for this product.
    Credits
    Coia Prant (github.com/rbqvq) Go Security Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T03:55:46.305385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T13:29:25.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "Conn.handshakeContext"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.24.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.7",
                  "status": "affected",
                  "version": "1.25.0-0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.0-rc.3",
                  "status": "affected",
                  "version": "1.26.0-rc.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Coia Prant (github.com/rbqvq)"
            },
            {
              "lang": "en",
              "value": "Go Security Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T17:48:44.141Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
            },
            {
              "url": "https://go.dev/cl/737700"
            },
            {
              "url": "https://go.dev/issue/77217"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4337"
            }
          ],
          "title": "Unexpected session resumption in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2025-68121",
        "datePublished": "2026-02-05T17:48:44.141Z",
        "dateReserved": "2025-12-15T16:48:04.451Z",
        "dateUpdated": "2026-04-29T13:29:25.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-61730 (GCVE-0-2025-61730)

    Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-02-02 17:28
    VLAI
    Title
    Handshake messages may be processed at the incorrect encryption level in crypto/tls
    Summary
    During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-940 - Improper Verification of Source of a Communication Channel
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.24.12 (semver)
    Affected: 1.25.0 , < 1.25.6 (semver)
    Create a notification for this product.
    Credits
    Coia Prant (github.com/rbqvq)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-61730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-02T17:28:46.305649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-02T17:28:49.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "Conn.handleKeyUpdate"
                },
                {
                  "name": "Conn.handshakeContext"
                },
                {
                  "name": "clientHandshakeStateTLS13.establishHandshakeKeys"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerFinished"
                },
                {
                  "name": "clientHandshakeStateTLS13.sendClientFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.checkForResumption"
                },
                {
                  "name": "serverHandshakeStateTLS13.doHelloRetryRequest"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerParameters"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.readClientFinished"
                },
                {
                  "name": "Conn.quicSetReadSecret"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.HandleData"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.24.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.6",
                  "status": "affected",
                  "version": "1.25.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Coia Prant (github.com/rbqvq)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-940: Improper Verification of Source of a Communication Channel",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T19:30:30.986Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/724120"
            },
            {
              "url": "https://go.dev/issue/76443"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4340"
            }
          ],
          "title": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2025-61730",
        "datePublished": "2026-01-28T19:30:30.986Z",
        "dateReserved": "2025-09-30T15:05:03.605Z",
        "dateUpdated": "2026-02-02T17:28:49.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58189 (GCVE-0-2025-58189)

    Vulnerability from cvelistv5 – Published: 2025-10-29 22:10 – Updated: 2025-11-04 21:13
    VLAI
    Title
    ALPN negotiation error contains attacker controlled information in crypto/tls
    Summary
    When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.24.8 (semver)
    Affected: 1.25.0 , < 1.25.2 (semver)
    Create a notification for this product.
    Credits
    National Cyber Security Centre Finland
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T19:50:48.668117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:51:22.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:13:39.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/10/08/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "negotiateALPN"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "QUICConn.Start"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.24.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.2",
                  "status": "affected",
                  "version": "1.25.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "National Cyber Security Centre Finland"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-117: Improper Output Neutralization for Logs",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T22:10:12.947Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/707776"
            },
            {
              "url": "https://go.dev/issue/75652"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2025-4008"
            }
          ],
          "title": "ALPN negotiation error contains attacker controlled information in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2025-58189",
        "datePublished": "2025-10-29T22:10:12.947Z",
        "dateReserved": "2025-08-27T14:50:58.692Z",
        "dateUpdated": "2025-11-04T21:13:39.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-45287 (GCVE-0-2023-45287)

    Vulnerability from cvelistv5 – Published: 2023-12-05 16:18 – Updated: 2025-02-13 17:14
    VLAI
    Title
    Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
    Summary
    Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
    Severity
    No CVSS data available.
    CWE
    • CWE-208 - Observable Timing Discrepancy
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.20.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:15.309Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/20654"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/326012/26"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://people.redhat.com/~hkario/marvin/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2375"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240112-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "rsaKeyAgreement.processClientKeyExchange"
                },
                {
                  "name": "rsaKeyAgreement.generateClientKeyExchange"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-208: Observable Timing Discrepancy",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-12T14:06:27.569Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/20654"
            },
            {
              "url": "https://go.dev/cl/326012/26"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA"
            },
            {
              "url": "https://people.redhat.com/~hkario/marvin/"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2375"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240112-0005/"
            }
          ],
          "title": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-45287",
        "datePublished": "2023-12-05T16:18:06.104Z",
        "dateReserved": "2023-10-06T17:06:26.221Z",
        "dateUpdated": "2025-02-13T17:14:00.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39322 (GCVE-0-2023-39322)

    Vulnerability from cvelistv5 – Published: 2023-09-08 16:13 – Updated: 2025-02-13 17:02
    VLAI
    Title
    Memory exhaustion in QUIC connection handling in crypto/tls
    Summary
    QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 1.21.0-0 , < 1.21.1 (semver)
    Create a notification for this product.
    go_standard_library crypto_tls Affected: 1.21.0-0 , < 1.21.1 (semver)
        cpe:2.3:a:go_standard_library:crypto_tls:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Marten Seemann
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:07.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/62266"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/523039"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2045"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:go_standard_library:crypto_tls:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crypto_tls",
                "vendor": "go_standard_library",
                "versions": [
                  {
                    "lessThan": "1.21.1",
                    "status": "affected",
                    "version": "1.21.0-0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39322",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T15:53:33.932737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T15:56:13.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "QUICConn.HandleData"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.21.1",
                  "status": "affected",
                  "version": "1.21.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marten Seemann"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-25T11:09:57.257Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/62266"
            },
            {
              "url": "https://go.dev/cl/523039"
            },
            {
              "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2045"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            }
          ],
          "title": "Memory exhaustion in QUIC connection handling in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-39322",
        "datePublished": "2023-09-08T16:13:32.795Z",
        "dateReserved": "2023-07-27T17:05:55.187Z",
        "dateUpdated": "2025-02-13T17:02:49.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39321 (GCVE-0-2023-39321)

    Vulnerability from cvelistv5 – Published: 2023-09-08 16:13 – Updated: 2025-02-13 17:02
    VLAI
    Title
    Panic when processing post-handshake message on QUIC connections in crypto/tls
    Summary
    Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 1.21.0-0 , < 1.21.1 (semver)
    Create a notification for this product.
    Credits
    Marten Seemann
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.893Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/62266"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/523039"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-2044"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39321",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T17:23:57.925389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T17:25:25.677Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "QUICConn.HandleData"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.21.1",
                  "status": "affected",
                  "version": "1.21.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marten Seemann"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Processing an incomplete post-handshake message for a QUIC connection can cause a panic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-25T11:09:32.105Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/62266"
            },
            {
              "url": "https://go.dev/cl/523039"
            },
            {
              "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-2044"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            }
          ],
          "title": "Panic when processing post-handshake message on QUIC connections in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-39321",
        "datePublished": "2023-09-08T16:13:30.386Z",
        "dateReserved": "2023-07-27T17:05:55.187Z",
        "dateUpdated": "2025-02-13T17:02:48.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29409 (GCVE-0-2023-29409)

    Vulnerability from cvelistv5 – Published: 2023-08-02 19:47 – Updated: 2025-02-13 16:49
    VLAI
    Title
    Large RSA keys can cause high CPU usage in crypto/tls
    Summary
    Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.19.12 (semver)
    Affected: 1.20.0-0 , < 1.20.7 (semver)
    Affected: 1.21.0-0 , < 1.21.0-rc.4 (semver)
    Create a notification for this product.
    Credits
    Mateusz Poliwczak
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:07:46.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/61460"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/515257"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-1987"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230831-0010/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29409",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T14:15:51.334084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T14:16:01.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "Conn.verifyServerCertificate"
                },
                {
                  "name": "Conn.processCertsFromClient"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.19.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.7",
                  "status": "affected",
                  "version": "1.20.0-0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.21.0-rc.4",
                  "status": "affected",
                  "version": "1.21.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mateusz Poliwczak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-25T11:09:25.696Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/61460"
            },
            {
              "url": "https://go.dev/cl/515257"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-1987"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230831-0010/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            }
          ],
          "title": "Large RSA keys can cause high CPU usage in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2023-29409",
        "datePublished": "2023-08-02T19:47:23.829Z",
        "dateReserved": "2023-04-05T19:36:35.043Z",
        "dateUpdated": "2025-02-13T16:49:16.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41724 (GCVE-0-2022-41724)

    Vulnerability from cvelistv5 – Published: 2023-02-28 17:19 – Updated: 2025-03-07 17:57
    VLAI
    Title
    Panic on large handshake records in crypto/tls
    Summary
    Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.19.6 (semver)
    Affected: 1.20.0-0 , < 1.20.1 (semver)
    Create a notification for this product.
    Credits
    Marten Seemann
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:49:43.929Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/58001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/468125"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2023-1570"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41724",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-07T17:56:50.422222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-07T17:57:05.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "handshakeMessage.marshal"
                },
                {
                  "name": "Conn.writeRecord"
                },
                {
                  "name": "Conn.readHandshake"
                },
                {
                  "name": "Conn.handleRenegotiation"
                },
                {
                  "name": "Conn.handlePostHandshakeMessage"
                },
                {
                  "name": "Conn.handleKeyUpdate"
                },
                {
                  "name": "Conn.clientHandshake"
                },
                {
                  "name": "Conn.loadSession"
                },
                {
                  "name": "clientHandshakeState.handshake"
                },
                {
                  "name": "clientHandshakeState.doFullHandshake"
                },
                {
                  "name": "clientHandshakeState.readFinished"
                },
                {
                  "name": "clientHandshakeState.readSessionTicket"
                },
                {
                  "name": "clientHandshakeState.sendFinished"
                },
                {
                  "name": "clientHandshakeStateTLS13.handshake"
                },
                {
                  "name": "clientHandshakeStateTLS13.sendDummyChangeCipherSpec"
                },
                {
                  "name": "clientHandshakeStateTLS13.processHelloRetryRequest"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerParameters"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerCertificate"
                },
                {
                  "name": "clientHandshakeStateTLS13.readServerFinished"
                },
                {
                  "name": "clientHandshakeStateTLS13.sendClientCertificate"
                },
                {
                  "name": "clientHandshakeStateTLS13.sendClientFinished"
                },
                {
                  "name": "clientHelloMsg.marshal"
                },
                {
                  "name": "clientHelloMsg.marshalWithoutBinders"
                },
                {
                  "name": "clientHelloMsg.updateBinders"
                },
                {
                  "name": "serverHelloMsg.marshal"
                },
                {
                  "name": "encryptedExtensionsMsg.marshal"
                },
                {
                  "name": "endOfEarlyDataMsg.marshal"
                },
                {
                  "name": "keyUpdateMsg.marshal"
                },
                {
                  "name": "newSessionTicketMsgTLS13.marshal"
                },
                {
                  "name": "certificateRequestMsgTLS13.marshal"
                },
                {
                  "name": "certificateMsg.marshal"
                },
                {
                  "name": "certificateMsgTLS13.marshal"
                },
                {
                  "name": "serverKeyExchangeMsg.marshal"
                },
                {
                  "name": "certificateStatusMsg.marshal"
                },
                {
                  "name": "serverHelloDoneMsg.marshal"
                },
                {
                  "name": "clientKeyExchangeMsg.marshal"
                },
                {
                  "name": "finishedMsg.marshal"
                },
                {
                  "name": "certificateRequestMsg.marshal"
                },
                {
                  "name": "certificateVerifyMsg.marshal"
                },
                {
                  "name": "newSessionTicketMsg.marshal"
                },
                {
                  "name": "helloRequestMsg.marshal"
                },
                {
                  "name": "Conn.readClientHello"
                },
                {
                  "name": "serverHandshakeState.doResumeHandshake"
                },
                {
                  "name": "serverHandshakeState.doFullHandshake"
                },
                {
                  "name": "serverHandshakeState.readFinished"
                },
                {
                  "name": "serverHandshakeState.sendSessionTicket"
                },
                {
                  "name": "serverHandshakeState.sendFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.checkForResumption"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendDummyChangeCipherSpec"
                },
                {
                  "name": "serverHandshakeStateTLS13.doHelloRetryRequest"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerParameters"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerCertificate"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendServerFinished"
                },
                {
                  "name": "serverHandshakeStateTLS13.sendSessionTickets"
                },
                {
                  "name": "serverHandshakeStateTLS13.readClientCertificate"
                },
                {
                  "name": "serverHandshakeStateTLS13.readClientFinished"
                },
                {
                  "name": "cipherSuiteTLS13.expandLabel"
                },
                {
                  "name": "sessionState.marshal"
                },
                {
                  "name": "sessionStateTLS13.marshal"
                },
                {
                  "name": "Conn.Handshake"
                },
                {
                  "name": "Conn.HandshakeContext"
                },
                {
                  "name": "Conn.Read"
                },
                {
                  "name": "Conn.Write"
                },
                {
                  "name": "ConnectionState.ExportKeyingMaterial"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialWithDialer"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.19.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.20.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marten Seemann"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-25T11:09:30.560Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/58001"
            },
            {
              "url": "https://go.dev/cl/468125"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2023-1570"
            },
            {
              "url": "https://security.gentoo.org/glsa/202311-09"
            }
          ],
          "title": "Panic on large handshake records in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2022-41724",
        "datePublished": "2023-02-28T17:19:44.420Z",
        "dateReserved": "2022-09-28T17:00:06.611Z",
        "dateUpdated": "2025-03-07T17:57:05.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30629 (GCVE-0-2022-30629)

    Vulnerability from cvelistv5 – Published: 2022-08-09 20:17 – Updated: 2026-03-06 19:12
    VLAI
    Title
    Session tickets lack random ticket_age_add in crypto/tls
    Summary
    Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library crypto/tls Affected: 0 , < 1.17.11 (semver)
    Affected: 1.18.0-0 , < 1.18.3 (semver)
    Create a notification for this product.
    Credits
    Github user @nervuri
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:13.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/405994"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/52814"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2022-0531"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.1,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-30629",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T20:38:04.620332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:12:16.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/tls",
              "product": "crypto/tls",
              "programRoutines": [
                {
                  "name": "serverHandshakeStateTLS13.sendSessionTickets"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.17.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.3",
                  "status": "affected",
                  "version": "1.18.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Github user @nervuri"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200: Information Exposure",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:04:50.302Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/405994"
            },
            {
              "url": "https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5"
            },
            {
              "url": "https://go.dev/issue/52814"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2022-0531"
            }
          ],
          "title": "Session tickets lack random ticket_age_add in crypto/tls"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2022-30629",
        "datePublished": "2022-08-09T20:17:31.000Z",
        "dateReserved": "2022-05-12T00:00:00.000Z",
        "dateUpdated": "2026-03-06T19:12:16.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }