Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-23773 (GCVE-0-2022-23773)
Vulnerability from cvelistv5 – Published: 2022-02-11 00:16 – Updated: 2024-08-03 03:51
VLAI
EPSS
Summary
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
| https://groups.google.com/g/golang-announce/c/SUs… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022022… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202208-02 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T15:12:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23773",
"datePublished": "2022-02-11T00:16:08.000Z",
"dateReserved": "2022-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:51:45.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-23773",
"date": "2026-05-29",
"epss": "0.00118",
"percentile": "0.30355"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-23773\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-02-11T01:15:07.707\",\"lastModified\":\"2024-11-21T06:49:15.303\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.\"},{\"lang\":\"es\",\"value\":\"cmd/go en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede malinterpretar nombres de rama que falsamente parecen ser etiquetas de versi\u00f3n. Esto puede conllevar a un control de acceso incorrecto si supone que un actor puede crear ramas pero no etiquetas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-436\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.16.14\",\"matchCriteriaId\":\"3AC42B47-ED6E-4F64-BAFA-770B8834BB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.17.0\",\"versionEndExcluding\":\"1.17.7\",\"matchCriteriaId\":\"39A5AFCD-0F53-440D-B617-BB1C92B67028\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B60CE797-9177-4705-B02D-83F5A48C5F6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DAE7369-EEC5-405E-9D13-858335FDA647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F8E1764-2021-41E7-9CBE-6864313A74E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220225-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220225-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2022-23773
Vulnerability from fkie_nvd - Published: 2022-02-11 01:15 - Updated: 2024-11-21 06:49
Severity
Summary
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20220225-0006/ | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220225-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| golang | go | * | |
| golang | go | * | |
| netapp | beegfs_csi_driver | - | |
| netapp | cloud_insights_telegraf_agent | - | |
| netapp | kubernetes_monitoring_operator | - | |
| netapp | storagegrid | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC42B47-ED6E-4F64-BAFA-770B8834BB25",
"versionEndExcluding": "1.16.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39A5AFCD-0F53-440D-B617-BB1C92B67028",
"versionEndExcluding": "1.17.7",
"versionStartIncluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B60CE797-9177-4705-B02D-83F5A48C5F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8E1764-2021-41E7-9CBE-6864313A74E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
},
{
"lang": "es",
"value": "cmd/go en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede malinterpretar nombres de rama que falsamente parecen ser etiquetas de versi\u00f3n. Esto puede conllevar a un control de acceso incorrecto si supone que un actor puede crear ramas pero no etiquetas"
}
],
"id": "CVE-2022-23773",
"lastModified": "2024-11-21T06:49:15.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-11T01:15:07.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-436"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-52J8-P7R3-733M
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-03-30 00:01
VLAI
Details
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2022-23773"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T01:15:00Z",
"severity": "HIGH"
},
"details": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"id": "GHSA-52j8-p7r3-733m",
"modified": "2022-03-30T00:01:42Z",
"published": "2022-02-12T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220225-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2022-23773
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-23773",
"description": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"id": "GSD-2022-23773",
"references": [
"https://www.suse.com/security/cve/CVE-2022-23773.html",
"https://advisories.mageia.org/CVE-2022-23773.html",
"https://linux.oracle.com/cve/CVE-2022-23773.html",
"https://access.redhat.com/errata/RHSA-2022:1819",
"https://access.redhat.com/errata/RHSA-2022:4860",
"https://access.redhat.com/errata/RHSA-2022:4863",
"https://access.redhat.com/errata/RHSA-2022:5004",
"https://access.redhat.com/errata/RHSA-2022:5068",
"https://access.redhat.com/errata/RHSA-2022:5875",
"https://access.redhat.com/errata/RHSA-2022:5729",
"https://access.redhat.com/errata/RHSA-2022:6094",
"https://access.redhat.com/errata/RHSA-2022:6156",
"https://access.redhat.com/errata/RHSA-2022:6526",
"https://alas.aws.amazon.com/cve/html/CVE-2022-23773.html",
"https://access.redhat.com/errata/RHSA-2023:0408"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-23773"
],
"details": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"id": "GSD-2022-23773",
"modified": "2023-12-13T01:19:35.018249Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.17.7",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.14",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23773"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-11-09T21:50Z",
"publishedDate": "2022-02-11T01:15Z"
}
}
}
MSRC_CVE-2022-23773
Vulnerability from csaf_microsoft - Published: 2022-02-02 00:00 - Updated: 2024-09-11 00:00Summary
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 18796-16820 | — | ||
| Unresolved product id: 18772-17086 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-23773 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-23773.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"tracking": {
"current_release_date": "2024-09-11T00:00:00.000Z",
"generator": {
"date": "2025-12-27T18:08:48.024Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-23773",
"initial_release_date": "2022-02-02T00:00:00.000Z",
"revision_history": [
{
"date": "2022-02-17T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-08-29T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
},
{
"date": "2024-08-30T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
},
{
"date": "2024-08-31T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Information published."
},
{
"date": "2024-09-01T00:00:00.000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Information published."
},
{
"date": "2024-09-02T00:00:00.000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Information published."
},
{
"date": "2024-09-03T00:00:00.000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Information published."
},
{
"date": "2024-09-05T00:00:00.000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Information published."
},
{
"date": "2024-09-06T00:00:00.000Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Information published."
},
{
"date": "2024-09-07T00:00:00.000Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Information published."
},
{
"date": "2024-09-08T00:00:00.000Z",
"legacy_version": "2",
"number": "11",
"summary": "Information published."
},
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "2.1",
"number": "12",
"summary": "Information published."
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 golang 1.16.14-1",
"product": {
"name": "\u003ccm1 golang 1.16.14-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 golang 1.16.14-1",
"product": {
"name": "cm1 golang 1.16.14-1",
"product_id": "18796"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.17.8-1",
"product": {
"name": "\u003ccbl2 golang 1.17.8-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.17.8-1",
"product": {
"name": "cbl2 golang 1.17.8-1",
"product_id": "18772"
}
}
],
"category": "product_name",
"name": "golang"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 golang 1.16.14-1 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 golang 1.16.14-1 as a component of CBL Mariner 1.0",
"product_id": "18796-16820"
},
"product_reference": "18796",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.17.8-1 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.17.8-1 as a component of CBL Mariner 2.0",
"product_id": "18772-17086"
},
"product_reference": "18772",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18796-16820",
"18772-17086"
],
"known_affected": [
"16820-1",
"17086-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-23773 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-23773.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-17T00:00:00.000Z",
"details": "1.16.14-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2022-02-17T00:00:00.000Z",
"details": "1.17.8-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"16820-1",
"17086-2"
]
}
],
"title": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
}
]
}
OPENSUSE-SU-2022:0723-1
Vulnerability from csaf_opensuse - Published: 2022-03-04 09:32 - Updated: 2022-03-04 09:32Summary
Security update for go1.17
Severity
Important
Notes
Title of the patch: Security update for go1.17
Description of the patch: This update for go1.17 fixes the following issues:
- CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838).
- CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835).
- CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834).
The following non-security bugs were fixed:
- go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements
- go#50701 math/big: Rat.SetString may consume large amount of RAM and crash
- go#50687 cmd/go: do not treat branches with semantic-version names as releases
- go#50942 cmd/asm: 'compile: loop' compiler bug?
- go#50867 cmd/compile: incorrect use of CMN on arm64
- go#50812 cmd/go: remove bitbucket VCS probing
- go#50781 runtime: incorrect frame information in traceback traversal may hang the process.
- go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
- go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
- go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
- go#50297 cmd/link: does not set section type of .init_array correctly
- go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package
Patchnames: openSUSE-SLE-15.3-2022-723,openSUSE-SLE-15.4-2022-723
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.17",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.17 fixes the following issues:\n\n- CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838).\n- CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835).\n- CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834).\n\nThe following non-security bugs were fixed:\n\n- go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements\n- go#50701 math/big: Rat.SetString may consume large amount of RAM and crash\n- go#50687 cmd/go: do not treat branches with semantic-version names as releases\n- go#50942 cmd/asm: \u0027compile: loop\u0027 compiler bug?\n- go#50867 cmd/compile: incorrect use of CMN on arm64\n- go#50812 cmd/go: remove bitbucket VCS probing\n- go#50781 runtime: incorrect frame information in traceback traversal may hang the process.\n- go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error\n- go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg\n- go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch\n- go#50297 cmd/link: does not set section type of .init_array correctly\n- go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of \u0027plugin\u0027 Package\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-723,openSUSE-SLE-15.4-2022-723",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0723-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0723-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OPXUBD6DBIW4WEXMYCUH5OXEVJIKJHR4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0723-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OPXUBD6DBIW4WEXMYCUH5OXEVJIKJHR4/"
},
{
"category": "self",
"summary": "SUSE Bug 1190649",
"url": "https://bugzilla.suse.com/1190649"
},
{
"category": "self",
"summary": "SUSE Bug 1195834",
"url": "https://bugzilla.suse.com/1195834"
},
{
"category": "self",
"summary": "SUSE Bug 1195835",
"url": "https://bugzilla.suse.com/1195835"
},
{
"category": "self",
"summary": "SUSE Bug 1195838",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23806/"
}
],
"title": "Security update for go1.17",
"tracking": {
"current_release_date": "2022-03-04T09:32:01Z",
"generator": {
"date": "2022-03-04T09:32:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0723-1",
"initial_release_date": "2022-03-04T09:32:01Z",
"revision_history": [
{
"date": "2022-03-04T09:32:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.aarch64",
"product": {
"name": "go1.17-1.17.7-1.20.1.aarch64",
"product_id": "go1.17-1.17.7-1.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.aarch64",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.aarch64",
"product_id": "go1.17-doc-1.17.7-1.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.20.1.aarch64",
"product": {
"name": "go1.17-race-1.17.7-1.20.1.aarch64",
"product_id": "go1.17-race-1.17.7-1.20.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.i586",
"product": {
"name": "go1.17-1.17.7-1.20.1.i586",
"product_id": "go1.17-1.17.7-1.20.1.i586"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.i586",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.i586",
"product_id": "go1.17-doc-1.17.7-1.20.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.ppc64le",
"product": {
"name": "go1.17-1.17.7-1.20.1.ppc64le",
"product_id": "go1.17-1.17.7-1.20.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.ppc64le",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.ppc64le",
"product_id": "go1.17-doc-1.17.7-1.20.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.s390x",
"product": {
"name": "go1.17-1.17.7-1.20.1.s390x",
"product_id": "go1.17-1.17.7-1.20.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.s390x",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.s390x",
"product_id": "go1.17-doc-1.17.7-1.20.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.x86_64",
"product": {
"name": "go1.17-1.17.7-1.20.1.x86_64",
"product_id": "go1.17-1.17.7-1.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.x86_64",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.x86_64",
"product_id": "go1.17-doc-1.17.7-1.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.20.1.x86_64",
"product": {
"name": "go1.17-race-1.17.7-1.20.1.x86_64",
"product_id": "go1.17-race-1.17.7-1.20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64"
},
"product_reference": "go1.17-1.17.7-1.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586"
},
"product_reference": "go1.17-1.17.7-1.20.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le"
},
"product_reference": "go1.17-1.17.7-1.20.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x"
},
"product_reference": "go1.17-1.17.7-1.20.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64"
},
"product_reference": "go1.17-1.17.7-1.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.20.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64"
},
"product_reference": "go1.17-race-1.17.7-1.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.20.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
},
"product_reference": "go1.17-race-1.17.7-1.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23772"
}
],
"notes": [
{
"category": "general",
"text": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23772",
"url": "https://www.suse.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "SUSE Bug 1195835 for CVE-2022-23772",
"url": "https://bugzilla.suse.com/1195835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:32:01Z",
"details": "important"
}
],
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23773"
}
],
"notes": [
{
"category": "general",
"text": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23773",
"url": "https://www.suse.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "SUSE Bug 1195834 for CVE-2022-23773",
"url": "https://bugzilla.suse.com/1195834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:32:01Z",
"details": "moderate"
}
],
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23806"
}
],
"notes": [
{
"category": "general",
"text": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23806",
"url": "https://www.suse.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "SUSE Bug 1195838 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "external",
"summary": "SUSE Bug 1206559 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1206559"
},
{
"category": "external",
"summary": "SUSE Bug 1208723 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1208723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:32:01Z",
"details": "important"
}
],
"title": "CVE-2022-23806"
}
]
}
OPENSUSE-SU-2022:0724-1
Vulnerability from csaf_opensuse - Published: 2022-03-04 09:34 - Updated: 2022-03-04 09:34Summary
Security update for go1.16
Severity
Important
Notes
Title of the patch: Security update for go1.16
Description of the patch: This update for go1.16 fixes the following issues:
- CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838).
- CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835).
- CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834).
The following non-security bugs were fixed:
- go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements
- go#50700 math/big: Rat.SetString may consume large amount of RAM and crash
- go#50686 cmd/go: do not treat branches with semantic-version names as releases
- go#50866 cmd/compile: incorrect use of CMN on arm64
- go#50832 runtime/race: NoRaceMutexPureHappensBefore failures
- go#50811 cmd/go: remove bitbucket VCS probing
- go#50780 runtime: incorrect frame information in traceback traversal may hang the process.
- go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
- go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
- go#50645 testing: surprising interaction of subtests with TempDir
- go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
- go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package
Patchnames: openSUSE-SLE-15.3-2022-724,openSUSE-SLE-15.4-2022-724
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.16 fixes the following issues:\n\n- CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838).\n- CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835).\n- CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834).\n\nThe following non-security bugs were fixed:\n\n- go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements\n- go#50700 math/big: Rat.SetString may consume large amount of RAM and crash\n- go#50686 cmd/go: do not treat branches with semantic-version names as releases\n- go#50866 cmd/compile: incorrect use of CMN on arm64\n- go#50832 runtime/race: NoRaceMutexPureHappensBefore failures\n- go#50811 cmd/go: remove bitbucket VCS probing\n- go#50780 runtime: incorrect frame information in traceback traversal may hang the process.\n- go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error\n- go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg\n- go#50645 testing: surprising interaction of subtests with TempDir\n- go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch\n- go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of \u0027plugin\u0027 Package\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-724,openSUSE-SLE-15.4-2022-724",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0724-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0724-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IMRYQV73OUYCKMEO4GSE5KGQ7EEQYJHV/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0724-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IMRYQV73OUYCKMEO4GSE5KGQ7EEQYJHV/"
},
{
"category": "self",
"summary": "SUSE Bug 1182345",
"url": "https://bugzilla.suse.com/1182345"
},
{
"category": "self",
"summary": "SUSE Bug 1195834",
"url": "https://bugzilla.suse.com/1195834"
},
{
"category": "self",
"summary": "SUSE Bug 1195835",
"url": "https://bugzilla.suse.com/1195835"
},
{
"category": "self",
"summary": "SUSE Bug 1195838",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23806/"
}
],
"title": "Security update for go1.16",
"tracking": {
"current_release_date": "2022-03-04T09:34:13Z",
"generator": {
"date": "2022-03-04T09:34:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0724-1",
"initial_release_date": "2022-03-04T09:34:13Z",
"revision_history": [
{
"date": "2022-03-04T09:34:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.43.1.aarch64",
"product": {
"name": "go1.16-1.16.14-1.43.1.aarch64",
"product_id": "go1.16-1.16.14-1.43.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.43.1.aarch64",
"product": {
"name": "go1.16-doc-1.16.14-1.43.1.aarch64",
"product_id": "go1.16-doc-1.16.14-1.43.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.43.1.aarch64",
"product": {
"name": "go1.16-race-1.16.14-1.43.1.aarch64",
"product_id": "go1.16-race-1.16.14-1.43.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.43.1.ppc64le",
"product": {
"name": "go1.16-1.16.14-1.43.1.ppc64le",
"product_id": "go1.16-1.16.14-1.43.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.43.1.ppc64le",
"product": {
"name": "go1.16-doc-1.16.14-1.43.1.ppc64le",
"product_id": "go1.16-doc-1.16.14-1.43.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.43.1.s390x",
"product": {
"name": "go1.16-1.16.14-1.43.1.s390x",
"product_id": "go1.16-1.16.14-1.43.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.43.1.s390x",
"product": {
"name": "go1.16-doc-1.16.14-1.43.1.s390x",
"product_id": "go1.16-doc-1.16.14-1.43.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.43.1.x86_64",
"product": {
"name": "go1.16-1.16.14-1.43.1.x86_64",
"product_id": "go1.16-1.16.14-1.43.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.43.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.14-1.43.1.x86_64",
"product_id": "go1.16-doc-1.16.14-1.43.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.43.1.x86_64",
"product": {
"name": "go1.16-race-1.16.14-1.43.1.x86_64",
"product_id": "go1.16-race-1.16.14-1.43.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.43.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64"
},
"product_reference": "go1.16-1.16.14-1.43.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.43.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le"
},
"product_reference": "go1.16-1.16.14-1.43.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.43.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x"
},
"product_reference": "go1.16-1.16.14-1.43.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.43.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64"
},
"product_reference": "go1.16-1.16.14-1.43.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.43.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64"
},
"product_reference": "go1.16-doc-1.16.14-1.43.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.43.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le"
},
"product_reference": "go1.16-doc-1.16.14-1.43.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.43.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x"
},
"product_reference": "go1.16-doc-1.16.14-1.43.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.43.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.14-1.43.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.43.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64"
},
"product_reference": "go1.16-race-1.16.14-1.43.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.43.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
},
"product_reference": "go1.16-race-1.16.14-1.43.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23772"
}
],
"notes": [
{
"category": "general",
"text": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23772",
"url": "https://www.suse.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "SUSE Bug 1195835 for CVE-2022-23772",
"url": "https://bugzilla.suse.com/1195835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:34:13Z",
"details": "important"
}
],
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23773"
}
],
"notes": [
{
"category": "general",
"text": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23773",
"url": "https://www.suse.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "SUSE Bug 1195834 for CVE-2022-23773",
"url": "https://bugzilla.suse.com/1195834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:34:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23806"
}
],
"notes": [
{
"category": "general",
"text": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23806",
"url": "https://www.suse.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "SUSE Bug 1195838 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "external",
"summary": "SUSE Bug 1206559 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1206559"
},
{
"category": "external",
"summary": "SUSE Bug 1208723 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1208723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:34:13Z",
"details": "important"
}
],
"title": "CVE-2022-23806"
}
]
}
OPENSUSE-SU-2024:11843-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.16-1.16.14-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.16-1.16.14-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.16-1.16.14-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11843
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.16-1.16.14-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.16-1.16.14-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11843",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11843-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23806/"
}
],
"title": "go1.16-1.16.14-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11843-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.1.aarch64",
"product": {
"name": "go1.16-1.16.14-1.1.aarch64",
"product_id": "go1.16-1.16.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.1.aarch64",
"product": {
"name": "go1.16-doc-1.16.14-1.1.aarch64",
"product_id": "go1.16-doc-1.16.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.1.aarch64",
"product": {
"name": "go1.16-race-1.16.14-1.1.aarch64",
"product_id": "go1.16-race-1.16.14-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.1.ppc64le",
"product": {
"name": "go1.16-1.16.14-1.1.ppc64le",
"product_id": "go1.16-1.16.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.1.ppc64le",
"product": {
"name": "go1.16-doc-1.16.14-1.1.ppc64le",
"product_id": "go1.16-doc-1.16.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.1.ppc64le",
"product": {
"name": "go1.16-race-1.16.14-1.1.ppc64le",
"product_id": "go1.16-race-1.16.14-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.1.s390x",
"product": {
"name": "go1.16-1.16.14-1.1.s390x",
"product_id": "go1.16-1.16.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.1.s390x",
"product": {
"name": "go1.16-doc-1.16.14-1.1.s390x",
"product_id": "go1.16-doc-1.16.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.1.s390x",
"product": {
"name": "go1.16-race-1.16.14-1.1.s390x",
"product_id": "go1.16-race-1.16.14-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.1.x86_64",
"product": {
"name": "go1.16-1.16.14-1.1.x86_64",
"product_id": "go1.16-1.16.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.14-1.1.x86_64",
"product_id": "go1.16-doc-1.16.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.1.x86_64",
"product": {
"name": "go1.16-race-1.16.14-1.1.x86_64",
"product_id": "go1.16-race-1.16.14-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64"
},
"product_reference": "go1.16-1.16.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le"
},
"product_reference": "go1.16-1.16.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x"
},
"product_reference": "go1.16-1.16.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64"
},
"product_reference": "go1.16-1.16.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64"
},
"product_reference": "go1.16-doc-1.16.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le"
},
"product_reference": "go1.16-doc-1.16.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x"
},
"product_reference": "go1.16-doc-1.16.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64"
},
"product_reference": "go1.16-race-1.16.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le"
},
"product_reference": "go1.16-race-1.16.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x"
},
"product_reference": "go1.16-race-1.16.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
},
"product_reference": "go1.16-race-1.16.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23772"
}
],
"notes": [
{
"category": "general",
"text": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23772",
"url": "https://www.suse.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "SUSE Bug 1195835 for CVE-2022-23772",
"url": "https://bugzilla.suse.com/1195835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23773"
}
],
"notes": [
{
"category": "general",
"text": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23773",
"url": "https://www.suse.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "SUSE Bug 1195834 for CVE-2022-23773",
"url": "https://bugzilla.suse.com/1195834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23806"
}
],
"notes": [
{
"category": "general",
"text": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23806",
"url": "https://www.suse.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "SUSE Bug 1195838 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "external",
"summary": "SUSE Bug 1206559 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1206559"
},
{
"category": "external",
"summary": "SUSE Bug 1208723 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1208723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23806"
}
]
}
OPENSUSE-SU-2024:11844-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.17-1.17.7-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.17-1.17.7-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.17-1.17.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11844
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.17-1.17.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.17-1.17.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11844",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11844-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23806/"
}
],
"title": "go1.17-1.17.7-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11844-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.1.aarch64",
"product": {
"name": "go1.17-1.17.7-1.1.aarch64",
"product_id": "go1.17-1.17.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.1.aarch64",
"product": {
"name": "go1.17-doc-1.17.7-1.1.aarch64",
"product_id": "go1.17-doc-1.17.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.1.aarch64",
"product": {
"name": "go1.17-race-1.17.7-1.1.aarch64",
"product_id": "go1.17-race-1.17.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.1.ppc64le",
"product": {
"name": "go1.17-1.17.7-1.1.ppc64le",
"product_id": "go1.17-1.17.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.1.ppc64le",
"product": {
"name": "go1.17-doc-1.17.7-1.1.ppc64le",
"product_id": "go1.17-doc-1.17.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.1.ppc64le",
"product": {
"name": "go1.17-race-1.17.7-1.1.ppc64le",
"product_id": "go1.17-race-1.17.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.1.s390x",
"product": {
"name": "go1.17-1.17.7-1.1.s390x",
"product_id": "go1.17-1.17.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.1.s390x",
"product": {
"name": "go1.17-doc-1.17.7-1.1.s390x",
"product_id": "go1.17-doc-1.17.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.1.s390x",
"product": {
"name": "go1.17-race-1.17.7-1.1.s390x",
"product_id": "go1.17-race-1.17.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.1.x86_64",
"product": {
"name": "go1.17-1.17.7-1.1.x86_64",
"product_id": "go1.17-1.17.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.1.x86_64",
"product": {
"name": "go1.17-doc-1.17.7-1.1.x86_64",
"product_id": "go1.17-doc-1.17.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.1.x86_64",
"product": {
"name": "go1.17-race-1.17.7-1.1.x86_64",
"product_id": "go1.17-race-1.17.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64"
},
"product_reference": "go1.17-1.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le"
},
"product_reference": "go1.17-1.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x"
},
"product_reference": "go1.17-1.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64"
},
"product_reference": "go1.17-1.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64"
},
"product_reference": "go1.17-doc-1.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le"
},
"product_reference": "go1.17-doc-1.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x"
},
"product_reference": "go1.17-doc-1.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64"
},
"product_reference": "go1.17-doc-1.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64"
},
"product_reference": "go1.17-race-1.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le"
},
"product_reference": "go1.17-race-1.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x"
},
"product_reference": "go1.17-race-1.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
},
"product_reference": "go1.17-race-1.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23772"
}
],
"notes": [
{
"category": "general",
"text": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23772",
"url": "https://www.suse.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "SUSE Bug 1195835 for CVE-2022-23772",
"url": "https://bugzilla.suse.com/1195835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23773"
}
],
"notes": [
{
"category": "general",
"text": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23773",
"url": "https://www.suse.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "SUSE Bug 1195834 for CVE-2022-23773",
"url": "https://bugzilla.suse.com/1195834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23806"
}
],
"notes": [
{
"category": "general",
"text": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23806",
"url": "https://www.suse.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "SUSE Bug 1195838 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "external",
"summary": "SUSE Bug 1206559 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1206559"
},
{
"category": "external",
"summary": "SUSE Bug 1208723 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1208723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23806"
}
]
}
RHSA-2022:1819
Vulnerability from csaf_redhat - Published: 2022-05-10 14:02 - Updated: 2026-05-15 02:19Summary
Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update
Severity
Moderate
Notes
Topic: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
* golang: Command-line arguments may overwrite global data (CVE-2021-38297)
* golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)
* golang: debug/macho: invalid dynamic symbol table command can cause panic (CVE-2021-41771)
* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM (WebAssembly) Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang.
9.8 (Critical)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could cause a denial of service via memory exhaustion or panic. This particular flaw is an incomplete fix for a previous flaw.
7.5 (High)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice (array) causing a panic when calling ImportedSymbols. An attacker can use this vulnerability to craft a file which causes an application using this library to crash resulting in a denial of service.
7.5 (High)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument.
7.5 (High)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.
7.5 (High)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.
7.5 (High)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
7.1 (High)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang: Command-line arguments may overwrite global data (CVE-2021-38297)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)\n\n* golang: debug/macho: invalid dynamic symbol table command can cause panic (CVE-2021-41771)\n\n* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1819",
"url": "https://access.redhat.com/errata/RHSA-2022:1819"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"category": "external",
"summary": "2006044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006044"
},
{
"category": "external",
"summary": "2012887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012887"
},
{
"category": "external",
"summary": "2014704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014704"
},
{
"category": "external",
"summary": "2020725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020725"
},
{
"category": "external",
"summary": "2020736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1819.json"
}
],
"title": "Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update",
"tracking": {
"current_release_date": "2026-05-15T02:19:57+00:00",
"generator": {
"date": "2026-05-15T02:19:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:1819",
"initial_release_date": "2022-05-10T14:02:26+00:00",
"revision_history": [
{
"date": "2022-05-10T14:02:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-10T14:02:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-15T02:19:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64 (go-toolset:rhel8)",
"product_id": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=src\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"product": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src (go-toolset:rhel8)",
"product_id": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=src\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"product": {
"name": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src (go-toolset:rhel8)",
"product_id": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.7.2-1.module%2Bel8.6.0%2B12972%2Bebab5911?arch=src\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"product": {
"name": "golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch (go-toolset:rhel8)",
"product_id": "golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=noarch\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"product": {
"name": "golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch (go-toolset:rhel8)",
"product_id": "golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=noarch\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"product": {
"name": "golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch (go-toolset:rhel8)",
"product_id": "golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=noarch\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"product": {
"name": "golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch (go-toolset:rhel8)",
"product_id": "golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=noarch\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le (go-toolset:rhel8)",
"product_id": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=s390x\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"product": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x (go-toolset:rhel8)",
"product_id": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=s390x\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=s390x\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64 (go-toolset:rhel8)",
"product_id": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.7.2-1.module%2Bel8.6.0%2B12972%2Bebab5911?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.7.2-1.module%2Bel8.6.0%2B12972%2Bebab5911?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.7.2-1.module%2Bel8.6.0%2B12972%2Bebab5911?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64 (go-toolset:rhel8)",
"product_id": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64 (go-toolset:rhel8)",
"product_id": "golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.17.7-1.module%2Bel8.6.0%2B14297%2B32a15e19?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8060020220221035359:76a129d7"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8"
},
"product_reference": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8"
},
"product_reference": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8"
},
"product_reference": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
},
"product_reference": "golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
},
"product_reference": "golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
},
"product_reference": "golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
},
"product_reference": "golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.6.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38297",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2012887"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM (WebAssembly) Modules. Go can be compiled to WASM. If the product or service doesn\u0027t use WASM functions, it is not affected, although it uses golang.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: Command-line arguments may overwrite global data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Although this flaw has a higher CVSS score, in a strict sense, the flaw could possibly enable code exec, either Red Hat products don\u0027t use WASM, or don\u0027t expose WASM functions in a way that makes code exec possible. For this reason, the Red Hat impact for this flaw is Moderate.\n\n* Because the flawed code is not actually used in Service Telemetry Framework1.3, no update will be provided at this time for STF\u0027s sg-core-container.\n\n*For a WASM Module to be vulnerable, it needs to be built using GOARCH=wasm GOOS=js (build options for WebAssembly).\n\n*CVE-2021-38297 is a vulnerability that affects Go (golang). It has been fixed in versions 1.17.2 and 1.16.9.\n\n*CVE-2021-38297 does not affect the OpenShift Container Platform (OCP) because it does not build anything with GOARCH=wasm GOOS=js. Hence, OCP-based services are not affected either.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38297"
},
{
"category": "external",
"summary": "RHBZ#2012887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012887"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38297"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A",
"url": "https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A"
}
],
"release_date": "2021-10-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T14:02:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1819"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: Command-line arguments may overwrite global data"
},
{
"cve": "CVE-2021-39293",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2006044"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could cause a denial of service via memory exhaustion or panic. This particular flaw is an incomplete fix for a previous flaw.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In OpenShift Container Platform, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Platform.\n\n* This flaw is out of support scope for Red Hat Enterprise Linux 7. For more information about Red Hat Enterprise Linux support scope, please see https://access.redhat.com/support/policy/updates/errata\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-39293"
},
{
"category": "external",
"summary": "RHBZ#2006044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006044"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/dx9d7IOseHw",
"url": "https://groups.google.com/g/golang-announce/c/dx9d7IOseHw"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T14:02:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1819"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)"
},
{
"cve": "CVE-2021-41771",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2021-11-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2020725"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice (array) causing a panic when calling ImportedSymbols. An attacker can use this vulnerability to craft a file which causes an application using this library to crash resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: debug/macho: invalid dynamic symbol table command can cause panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Service Telemetry Framework, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the sg-core-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41771"
},
{
"category": "external",
"summary": "RHBZ#2020725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41771"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0fM21h43arc",
"url": "https://groups.google.com/g/golang-announce/c/0fM21h43arc"
}
],
"release_date": "2021-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T14:02:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1819"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: debug/macho: invalid dynamic symbol table command can cause panic"
},
{
"cve": "CVE-2021-41772",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2021-11-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2020736"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Reader.Open panics on empty string",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In OpenShift Container Platform multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Platform.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s sg-core-container.\n\n* Because Red Hat Ceph Storage only uses Go\u0027s archive/zip for the Grafana CLI and thus is not directly exploitable, the vulnerability has been rated low for Red Hat Ceph Storage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41772"
},
{
"category": "external",
"summary": "RHBZ#2020736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0fM21h43arc",
"url": "https://groups.google.com/g/golang-announce/c/0fM21h43arc"
}
],
"release_date": "2021-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T14:02:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1819"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Reader.Open panics on empty string"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T14:02:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1819"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T14:02:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1819"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T14:02:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1819"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debuginfo-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:delve-debugsource-0:1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:go-toolset-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.src::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.aarch64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.ppc64le::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.s390x::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-bin-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-docs-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-misc-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-race-0:1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-src-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8",
"AppStream-8.6.0.GA:golang-tests-0:1.17.7-1.module+el8.6.0+14297+32a15e19.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
}
]
}
RHSA-2022:4860
Vulnerability from csaf_redhat - Published: 2022-06-01 11:48 - Updated: 2026-04-30 16:20Summary
Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.22.1
Severity
Moderate
Notes
Topic: Release of OpenShift Serverless Client kn 1.22.1
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Red Hat OpenShift Serverless Client kn 1.22.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Security Fix(es):
- golang: crypto/elliptic IsOnCurve returns true for invalid field
elements(CVE-2022-23806)
- golang: cmd/go: misinterpretation of branch names can lead to incorrect access control(CVE-2022-23773)
- golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
For more details about the security issue(s), including the impact; a CVSS score; acknowledgments; and other related information refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Client kn 1.22.1\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat OpenShift Serverless Client kn 1.22.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n- golang: crypto/elliptic IsOnCurve returns true for invalid field\nelements(CVE-2022-23806)\n- golang: cmd/go: misinterpretation of branch names can lead to incorrect access control(CVE-2022-23773)\n- golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\nFor more details about the security issue(s), including the impact; a CVSS score; acknowledgments; and other related information refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:4860",
"url": "https://access.redhat.com/errata/RHSA-2022:4860"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4860.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.22.1",
"tracking": {
"current_release_date": "2026-04-30T16:20:34+00:00",
"generator": {
"date": "2026-04-30T16:20:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2022:4860",
"initial_release_date": "2022-06-01T11:48:35+00:00",
"revision_history": [
{
"date": "2022-06-01T11:48:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-06-01T11:48:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:20:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Serverless 1.0",
"product": {
"name": "Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:serverless:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.1.0-3.el8.src",
"product": {
"name": "openshift-serverless-clients-0:1.1.0-3.el8.src",
"product_id": "openshift-serverless-clients-0:1.1.0-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.1.0-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.1.0-3.el8.x86_64",
"product": {
"name": "openshift-serverless-clients-0:1.1.0-3.el8.x86_64",
"product_id": "openshift-serverless-clients-0:1.1.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.1.0-3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"product": {
"name": "openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"product_id": "openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.1.0-3.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"product": {
"name": "openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"product_id": "openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.1.0-3.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.1.0-3.el8.ppc64le as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le"
},
"product_reference": "openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.1.0-3.el8.s390x as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x"
},
"product_reference": "openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.1.0-3.el8.src as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src"
},
"product_reference": "openshift-serverless-clients-0:1.1.0-3.el8.src",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.1.0-3.el8.x86_64 as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
},
"product_reference": "openshift-serverless-clients-0:1.1.0-3.el8.x86_64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-01T11:48:35+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4860"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-01T11:48:35+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4860"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-01T11:48:35+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4860"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.1.0-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…