Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-27664 (GCVE-0-2022-27664)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:29 – Updated: 2024-08-03 05:32
VLAI
EPSS
Summary
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://groups.google.com/g/golang-announce | x_refsource_MISC |
| https://groups.google.com/g/golang-announce/c/x49… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2022092… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-26 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:06:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-26"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s",
"refsource": "CONFIRM",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220923-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-26"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27664",
"datePublished": "2022-09-06T17:29:08.000Z",
"dateReserved": "2022-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:32:59.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-27664",
"date": "2026-05-27",
"epss": "0.00098",
"percentile": "0.26741"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-27664\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-09-06T18:15:12.747\",\"lastModified\":\"2024-11-21T06:56:07.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.\"},{\"lang\":\"es\",\"value\":\"En net/http en Go versiones anteriores a 1.18.6 y 1.19.x anteriores a 1.19.1, los atacantes pueden causar una denegaci\u00f3n de servicio porque una conexi\u00f3n HTTP/2 puede colgarse durante el cierre si el apagado fue adelantado por un error fatal.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.18.6\",\"matchCriteriaId\":\"5FD1F793-7C7B-454B-BD2D-CE56C91E8573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6173F8B9-F925-4166-9D3A-6793082D6A6F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202209-26\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202209-26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2023:0708
Vulnerability from csaf_redhat - Published: 2023-02-09 09:28 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.27.0
Severity
Moderate
Notes
Topic: Release of OpenShift Serverless Client kn 1.27.0
Red Hat Product Security has rated this update as having a security impact of
Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Security Fix(es):
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query
parameters (CVE-2022-2880)
* golang: archive/tar: unbounded memory consumption when reading headers
(CVE-2022-2879)
For more details about the security issue(s), including the impact; a CVSS
score; acknowledgments; and other related information refer to the CVE page(s)
listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
36 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Client kn 1.27.0\n\nRed Hat Product Security has rated this update as having a security impact of\nLow. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query\nparameters (CVE-2022-2880)\n* golang: archive/tar: unbounded memory consumption when reading headers\n(CVE-2022-2879)\n\nFor more details about the security issue(s), including the impact; a CVSS\nscore; acknowledgments; and other related information refer to the CVE page(s)\nlisted in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0708",
"url": "https://access.redhat.com/errata/RHSA-2023:0708"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2154756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154756"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0708.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.27.0",
"tracking": {
"current_release_date": "2026-05-27T08:35:51+00:00",
"generator": {
"date": "2026-05-27T08:35:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0708",
"initial_release_date": "2023-02-09T09:28:45+00:00",
"revision_history": [
{
"date": "2023-02-09T09:28:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-09T09:28:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Serverless 1.0",
"product": {
"name": "Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:serverless:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.6.1-1.el8.src",
"product": {
"name": "openshift-serverless-clients-0:1.6.1-1.el8.src",
"product_id": "openshift-serverless-clients-0:1.6.1-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.6.1-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.6.1-1.el8.x86_64",
"product": {
"name": "openshift-serverless-clients-0:1.6.1-1.el8.x86_64",
"product_id": "openshift-serverless-clients-0:1.6.1-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.6.1-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"product": {
"name": "openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"product_id": "openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.6.1-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"product": {
"name": "openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"product_id": "openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.6.1-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.6.1-1.el8.ppc64le as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le"
},
"product_reference": "openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.6.1-1.el8.s390x as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x"
},
"product_reference": "openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.6.1-1.el8.src as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src"
},
"product_reference": "openshift-serverless-clients-0:1.6.1-1.el8.src",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.6.1-1.el8.x86_64 as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
},
"product_reference": "openshift-serverless-clients-0:1.6.1-1.el8.x86_64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T09:28:45+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0708"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T09:28:45+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0708"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T09:28:45+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0708"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T09:28:45+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0708"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.6.1-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
}
]
}
RHSA-2023:0709
Vulnerability from csaf_redhat - Published: 2023-02-09 12:04 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: Release of OpenShift Serverless 1.27.0
Severity
Moderate
Notes
Topic: Release of OpenShift Serverless 1.27.0
The References section contains CVE links providing detailed severity ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.
Details: Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12.
This release includes security and bug fixes, and enhancements.
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
For more details about the security issues, including the impact; a CVSS score;
acknowledgments; and other related information refer to the CVE pages linked in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
108 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
108 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
108 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
108 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
37 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless 1.27.0\nThe References section contains CVE links providing detailed severity ratings\nfor each vulnerability. Ratings are based on a Common Vulnerability Scoring\nSystem (CVSS) base score.",
"title": "Topic"
},
{
"category": "general",
"text": "Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. \n\nThis release includes security and bug fixes, and enhancements.\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\nFor more details about the security issues, including the impact; a CVSS score;\nacknowledgments; and other related information refer to the CVE pages linked in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0709",
"url": "https://access.redhat.com/errata/RHSA-2023:0709"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2154755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154755"
},
{
"category": "external",
"summary": "2154757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154757"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0709.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless 1.27.0",
"tracking": {
"current_release_date": "2026-05-27T08:35:52+00:00",
"generator": {
"date": "2026-05-27T08:35:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0709",
"initial_release_date": "2023-02-09T12:04:35+00:00",
"revision_history": [
{
"date": "2023-02-09T12:04:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-09T12:04:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Serverless 1.27",
"product": {
"name": "Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_serverless:1.27::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"product": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"product_id": "openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=1.6.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"product": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"product": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"product_id": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-controller-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"product_id": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"product_id": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-post-install-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"product_id": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-receiver-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"product_id": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-webhook-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"product": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"product": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"product": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"product": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"product": {
"name": "openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"product_id": "openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"product_identification_helper": {
"purl": "pkg:oci/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/func-utils-rhel8\u0026tag=1.27.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"product": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"product": {
"name": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"product_id": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"product": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"product": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=1.6.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"product": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=1.6.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"product": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"product_identification_helper": {
"purl": "pkg:oci/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.27.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"product": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"product": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"product": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"product": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"product": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"product": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"product": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"product": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=1.6.0-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"product": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"product_id": "openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=1.6.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"product_id": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-controller-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"product_id": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"product_id": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-post-install-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"product_id": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-receiver-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"product_id": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-webhook-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"product": {
"name": "openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"product_id": "openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/func-utils-rhel8\u0026tag=1.27.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"product": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"product": {
"name": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"product_id": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"product": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"product": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=1.6.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"product": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=1.6.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"product": {
"name": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"product_id": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8\u0026tag=1.27.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le",
"product": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le",
"product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.27.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"product": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"product": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"product": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=1.6.0-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"product": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"product_id": "openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=1.6.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"product": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"product": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"product_id": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-controller-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"product_id": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"product_id": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-post-install-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"product_id": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-receiver-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"product": {
"name": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"product_id": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-kafka-broker-webhook-rhel8\u0026tag=1.6.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"product": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"product": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"product": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"product": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=1.6.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"product": {
"name": "openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"product_id": "openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"product_identification_helper": {
"purl": "pkg:oci/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/func-utils-rhel8\u0026tag=1.27.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"product": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"product": {
"name": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"product_id": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"product_identification_helper": {
"purl": "pkg:oci/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"product": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"product": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=1.6.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"product": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=1.6.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"product": {
"name": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"product_id": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8\u0026tag=1.27.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"product": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"product_identification_helper": {
"purl": "pkg:oci/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.27.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"product": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"product": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"product": {
"name": "openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"product_id": "openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-operator-bundle\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"product": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.27.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"product": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"product": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"product": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"product": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=1.6.0-1"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"product": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=1.6.0-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x"
},
"product_reference": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64"
},
"product_reference": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le"
},
"product_reference": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64"
},
"product_reference": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le"
},
"product_reference": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le"
},
"product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64"
},
"product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x"
},
"product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x"
},
"product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64"
},
"product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64"
},
"product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x"
},
"product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64"
},
"product_reference": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64"
},
"product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x"
},
"product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64"
},
"product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x"
},
"product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x"
},
"product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64"
},
"product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64"
},
"product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x"
},
"product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x"
},
"product_reference": "openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64"
},
"product_reference": "openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le"
},
"product_reference": "openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x"
},
"product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64"
},
"product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le"
},
"product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le"
},
"product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64"
},
"product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x"
},
"product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le"
},
"product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x"
},
"product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64"
},
"product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x"
},
"product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le"
},
"product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64"
},
"product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x"
},
"product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64"
},
"product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le"
},
"product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x"
},
"product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le"
},
"product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64"
},
"product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64"
},
"product_reference": "openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64"
},
"product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x"
},
"product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le"
},
"product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64"
},
"product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x"
},
"product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x"
},
"product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64"
},
"product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x"
},
"product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64"
},
"product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64"
},
"product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x"
},
"product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64"
},
"product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x"
},
"product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64 as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64"
},
"product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x"
},
"product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"relates_to_product_reference": "8Base-RHOSS-1.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le as a component of Red Hat OpenShift Serverless 1.27",
"product_id": "8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
},
"product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.27"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T12:04:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0709"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T12:04:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0709"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T12:04:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0709"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T12:04:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0709"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1d80145cc5c44617c00a10a2e66a3eed56bf862a5841c7d87c654bc200cd70f0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:43a06e21864744fe452ea86fdceca8216692ff5cbd91dd8123b503afc42def51_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:98b0827851c1329692d29b6e6377bd19ce89e6eedfc489b1e87922cda3ffc360_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:074a9bb36fb09b267340dffa59bf5838c9a7eada1ea994a4f289a4a3954b754a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:d5f4f238fa6f0748a2bf82bd986074b00e3a16cdb37c17a34e65243388c77ab6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:066762ef76b5230de2ad59882b4958dec857f7f310945a80b9bd7b39e456d52e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:21506ae01dfe3b135ab38f4ebde8a0e856ece5f54842325a08014c438482a17f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/client-kn-rhel8@sha256:34a540c62a016688fef7d9e8f91ee5c31e4238dae6e5c39c96bc0d3e4247156c_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:36c1d0d041175b37053e3fad8ed9be9ef52c8c723f3fbc0cb64f643b79c4d9ac_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:39be49f6bc90f995a276b5c4e90ee74421a7523e670e3a9f2a9a02e246a41629_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:53cbb881ca949b962c90255713cc49c5f4d0ef0e502000c1ea658f68b57c4f0c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:8ccf5d1ac96da964635684bac099d4c15089992d21dff95484331d0b5e9db364_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:a32a233b579bdcbbdc7d94e38330072ae630ccd72e03c861e8b73ef1813c34e0_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-controller-rhel8@sha256:fc4105db88a098f5fdca01535e59b630fe35c11ed3789b67cf3c3bcd4dc631f8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:366b0a392505019b00ec2a7fe08483a7b9562396b2d3c82761d5e207f893088e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c11d810c92d89f0aee192bedf769f515bf016402f22b5c70c4fe24a53e5d8e15_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c538ed13529d64c7fa5c9f6773013b6570eff14d07365929090028a32c4cbe60_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:251114b498327f05b20d4125c328855e8b020b82ff0b4895b187ad63dc40f095_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:53da51f3aae7f380b7a76fc074c1fa1f4c81ee627a7cb469713ef17764073ba2_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:c2d0cc84bba9bf9778beee88fd7c9a328d9fe1e1aec9e79aaf210368c0472658_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:99b84d833c6cfd4a4b55dfcadf566ee28cc71bf731876c5f8395f2aba17e16ff_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:b9bbff46db019c26734b3e4b49099fe917d9c0fad321bd96d930959b22813152_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:e8cdbbcbda2199dcf24aaf564ec016cf2b2f3cc4cb4049cb25695bc9fa8fce3c_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:37b9ea2bb66eea728d280de5813a68ffc13b9852e589b96533326c5254780186_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:bb4344614b79c81dae4aaa2538a4eddd499d85888f729a199563990aa8a274bf_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:da7db1665161cae1111c06766bf0725e8d27f12a29f7bfe3bd293c4026456cb2_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:667a6f234fec6914cf9aa18781e803cb63ee65c5802d9aec948e5c6532e2951b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:7616e78fd9d6aec51b9efc0cc6c97f395cfd6fc70ff99d98f3436f017cf81bf0_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:8c36e77eb3eb1eaa38572659c694648f1de30b96dfd52ef779e636cf61b1a5e7_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:72449c3e286fea2f63ec2d2ed3be583d1da8acedf44c6faae9fbed7c3ddb2eca_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:a1d79e3cb39a2d38b5bb5c4c5f9686162763c1d12dcec2d6faeeb0b04590001d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2809d416dfd299f0c9f325b1576c1efcc8d02bda119c50213cd0aa01c32bbd4_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:22bb4014d6805e6f0b08b0d150e86f1b8dcbb6df05417e5cc019508595d417c3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:379a38af6c07e9bd2d46cacdbe5d3e5f9aad0a2d6a21f0ce76d0185233299211_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:ab604efadfdd3c94e42e225dc47db55e69abd51391c56311d7e0aa91a0eb2b7e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:1b4eb85fc221bd51d32889c23cdb05d8855a7e02f4919eb895cec25d44fd1b48_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:a477bdc0673562807813787a13515565d335bd5243d3fc1bf94b737b5a8c1f76_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ad29ba8714a4a6af6a5ad293a60b1c705987d70c7297766df9f9f383abe7bd17_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:219ca6a3e578c2bed7e06450d49d10f4601e669e7adc28aca307ae9db071bfd5_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:64b460390891c15c904ad949849108dbea43dbbf6b1c545a48d8bded146f9fbc_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:fb814af61077e35d0d8a96dd60ffb390c2be81d1782ef17819fc765fd814bfe0_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c5308868ba02c7c47c1ade5dbdeccee113b0a99ff49b69b1b2da16e6538ca51f_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c826b4bdcaf6657d9b58e65f44a42853a8c86942f81ffbec1bca5e2db7e3909e_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f4d6e84c42778ef6bf8118887a2a6000f688597d6d4e5ecb8cef81207b8884fb_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:8776cdc857f7b586e6ea22e2486f18be910f56d94c66e6bef87f092f8c5cf299_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:96533c54a94b912a0638c670c6f35c673c0ee901a0f44fb2d3293b04392d004e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-mtping-rhel8@sha256:bee98500c24775c70aa3d33f2f7ff671b362723c6723cd762cc44cacd216dce9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:27ad8ae07fc1dd9934af0a99bc37ff3f0158cff5bba9f51f27010423a35d989e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:5fd4975be0be5ab55b36705a26e5c1f775d9595126c3c2dcfefbb9061356bf47_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:9cabc5856ae4e07a47df3770a4cfdf785cab0b9e311b23dd8ea353db7209fcd9_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:0e2b6ec7b669a0f18adf8aaf18d9c11e552aea95d1b1cc3de4abd63481026419_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:1e357dee672d6d540effd90f881d428a69f38e1d3f4d081d26f0b166db7bd970_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/eventing-webhook-rhel8@sha256:956a2bae2dc2d47ac98d7cf735690fc81ab38334707541dcacfdce1787ec8b70_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:167dffe56a2e2e86b201af406e7da7843ad04513f978c20dbabf641ed85f3f46_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:53762222605baad036ccb04cb54834f3082ed181a57b21df7edae964d4fa5979_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/func-utils-rhel8@sha256:85d76721636f005b19dbc513bc8dbf7e395b25d59827cce9228c2d56b1fa853d_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:2d8a2bc15553f5936c35acc9a644da5307ee0e35791502dbd59d4ff1e8fef3b7_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:4375602be5bb230b0062e65922bda50b50851e2068fdf1048aaeee07e77d3a38_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/ingress-rhel8-operator@sha256:d36276ac758085bc20d232b41c801ee55e72f4bc8416675267f603d5db5d4ea8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:06c53bb69206561a3ea891adb64ddbe7d82ecd6f4b6e2fc93098c4489eabd385_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:41c1f15c5fcbcb55c2629d88924008aae2b3121e0501aac41c4eb417129ff56a_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:b3ca782b652c308e5c381e7e4256ae549427c051c460286fd381a28942fb107d_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:248b380cae9269a2143bfd70615c73ea85b2c7363c092e19e6acf2d91744bc08_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:43af08a667f2fd954a9203862f38e7bf4368dfe5a31f70fe58e511638457cffd_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/knative-rhel8-operator@sha256:671aa3afae600cac99a3cf1ea80b966921fe2907b58b95a9f8e557767d59e40e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:00773662d531f8783d776eaa4852c61881bdaecc973ca4f8d5445d719e78a8cc_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:32c14615dc05dd9b7cbe44987027f32db31023b298095da0839335a0a0d82cce_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/kourier-control-rhel8@sha256:7e18a70d72c42792e957bc737d76c06c188c9f79a6beab691ef672304ea3e220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:336e32718744c81099f3d2f681c97e4185904541c16117fc0137ec30fc4f8259_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ced83c6d15acb298d4bb7126ecf41dfb5d50cc1e05563792fa4ae813103d4220_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-controller-rhel8@sha256:ddf6a717413d1000e08a252760f7fcf935789c1130d30a4b91c1b2f8d6a2aefe_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:25fa11b37a2180e2f9b6b21b9af4775dd0f295e8be7660685e191134aef84235_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b16893f56ee159d6defc563a7f1c701f08c7a9abead5f82e15eef373309dc90f_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/net-istio-webhook-rhel8@sha256:c1b866fc57c91d615eed17cb3377a937a72f742e83ae067a8c1d69132aaa4ee1_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-operator-bundle@sha256:832677abddada05258b4610b6584d442dd20c5bdd55ae8fbddb83ac133b3f12e_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:0a1746607ad45067ed0b577bdbd69a577b29642dd809e91d90e1f64660c46656_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:48b12f0782982c2616d6d0719cdb3b07abd7798dad84b91b19ae6c55b5171f40_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serverless-rhel8-operator@sha256:e24cb22645d0b9dd670d600e4e1aab78e6586c9204a4d72cbb99f6842cdf2fd8_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:034b6f6f397458f68919b6b57804e920d20d34d235f4dd973c1d170752fa9451_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:602a52d96b16eb2aa91250526f014ba77c3b7b9eb3c2229f0eb43ddb29b15e22_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-activator-rhel8@sha256:b6ad4ee77516349a92ee941fe88d043fa256b47f000b0d5cc3003292af67b894_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:3b784f79945daef1ae4a9282a7f903f9a878b50c5c4b9fed244fa60109493eff_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91666288758c92c41dd99f048f9d822bb99e1c5c7bd478f7f6f3b29ee300a072_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:91ebeef9f9fd209bf50eb770c7fe1cc192a9f412f1294223ef1957f465b94c04_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:142072ee8a97c61524f38ac2704546c3918ad98fdbc737664e71fc577c935f4b_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:3b813491ec0febc66a80a65162b5df0dbcde5b409c3c4e5e0ce328e076be4bd3_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-autoscaler-rhel8@sha256:71fe16ac1d6d8684846c1e497ec0783869fe7f7e91fb78a01a4b31d86b2c1da8_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:859b16a2f48472d4c08ac9b6640165ee01c86e9c8dc761b7fa340ceb9252ea60_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:87444fd8cdc0aec69e7a16f3c1f9f9598116fadd75b0ee44bcb85210942d492a_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-controller-rhel8@sha256:91647da625ea5d54a1870ff929c74608978fd25eeaa56d5667d61a490f8f0996_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7628d34b3a1fba4d964ba89cf242354edfb4f15bfdddbd36fe260d87646a4b6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:bca9d79f0b722cf4a858aa624bd14c4da9b22641b9ea9e0d4fa5fcbb70bf78be_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c063ee5fe6ef05acf91e65bbd1a928324f34ac6e7edb3294631ac4201234d43b_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:1afba2ff3b9190506ea6485097f0b167d57e6f8b6408bccf7064666344be2877_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:739bfcbd169585aae228b7193dc0c5c6b19bcb790817c79d99e8441ed93e2caa_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:a92ee7db7b992bcdecdbdc4d65dc2de63b1f7d52c787d4b137a8c2d771e078aa_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:5be475ced8fc286edf60ed9e7957d58d61b856e2505fa68f15bad8b65cb4681e_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:cab8eb521731e6eca0a6e2501f819868c3cebf1914f463a9cbc86e4d94aeb5f5_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-queue-rhel8@sha256:ff3ed30d6e974dfc625f566df506b88d1c8ccdf1a6888371c011487fd5a3d9e6_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:02cc9021895e2de82011e9d8c44699f1b227c85bce52ea4e5e7c8560079763c7_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1abe29e84130aa14bf5c28d96a2e1af2bc934b7a463212e93d96d950080b9504_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7a6714bc1deb053025bb144e02b2e62cecc154481cacc2a5c15f8c72a2e5c820_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:3e690975f2bfcd212b1fbc0efd6755c5241baf75e078fa5cb8a6e4c2200e35a6_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:65069229bd8647d34971d1ba57d8042c562170ac9806c3957e00fcb66803b534_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/serving-webhook-rhel8@sha256:8f23bf7a2ad656544df092d6ccd86d941adc2015e7f3108136ea4113b7ae1b92_ppc64le",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:232cae83570598f6e9fcf45d633d2c9b244dd5b0ad8bae0dbdad28ff9840a181_amd64",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:7f8dc0be6beb880a268d0d93710b24b7d1de085d427f1f9adb7022d3ec5f9d36_s390x",
"8Base-RHOSS-1.27:openshift-serverless-1/svls-must-gather-rhel8@sha256:cbe3cd2337cf7dde535d225d489b7f954e6fcaca012a45d51c7256b8bb537e1a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
}
]
}
RHSA-2023:1042
Vulnerability from csaf_redhat - Published: 2023-03-06 18:38 - Updated: 2026-05-28 02:50Summary
Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)
Severity
Moderate
Notes
Topic: Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional
operator, based on the Kubernetes Event Driven Autoscaler (KEDA), that allows workloads to be scaled using additional metrics sources other than pod metrics.
This release builds upon updated compiler, runtime library, and base images for the purpose of resolving any potential security issues present in previous toolset versions.
This version makes use of newer tools and libraries to address the following issues:
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)
golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — |
Threats
Impact
Low
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
References
102 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional\noperator, based on the Kubernetes Event Driven Autoscaler (KEDA), that allows workloads to be scaled using additional metrics sources other than pod metrics.\nThis release builds upon updated compiler, runtime library, and base images for the purpose of resolving any potential security issues present in previous toolset versions.\n\nThis version makes use of newer tools and libraries to address the following issues:\ngolang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\ngolang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\ngolang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\ngolang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\ngolang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\ngolang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\ngolang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\ngolang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\ngolang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\ngolang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\ngolang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\ngolang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\ngolang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\ngolang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\ngolang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1042",
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2100763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100763"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2113945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113945"
},
{
"category": "external",
"summary": "2118404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118404"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "OCPNODE-1260",
"url": "https://issues.redhat.com/browse/OCPNODE-1260"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1042.json"
}
],
"title": "Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)",
"tracking": {
"current_release_date": "2026-05-28T02:50:27+00:00",
"generator": {
"date": "2026-05-28T02:50:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1042",
"initial_release_date": "2023-03-06T18:38:53+00:00",
"revision_history": [
{
"date": "2023-03-06T18:38:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-06T18:38:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:50:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Custom Metrics Autoscaler 2",
"product": {
"name": "OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Custom Metrics Autoscaler"
},
{
"branches": [
{
"category": "product_version",
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"product": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"product_id": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8\u0026tag=2.8.2-143"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64",
"product": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64",
"product_id": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8\u0026tag=2.8.2-143"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"product": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"product_id": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle\u0026tag=2.8.2-143"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"product": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"product_id": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator\u0026tag=2.8.2-143"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64"
},
"product_reference": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
},
"product_reference": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
},
"product_reference": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
},
"product_reference": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32149",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2022-10-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134010"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "After careful analysis of the vulnerability Redhat is choosing to keep the vulnerability severity as moderate,the vulnerability exists in the ParseAcceptLanguage function of the golang text/language package,when an attacker could craft an unusually large accept header and due to the parser taking quadratic time complexity to finish, firstly the attacker would have to find a way smuggle an input to the parser and even then this would simply not result in a crash of any kind but more of resource hang which while can be unpleasant,does not equate to any real world damage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32149"
},
{
"category": "external",
"summary": "RHBZ#2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149"
},
{
"category": "external",
"summary": "https://go.dev/issue/56152",
"url": "https://go.dev/issue/56152"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU",
"url": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU"
}
],
"release_date": "2022-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
}
]
}
RHSA-2023:1275
Vulnerability from csaf_redhat - Published: 2023-03-15 19:58 - Updated: 2026-05-27 20:32Summary
Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update
Severity
Important
Notes
Topic: An update for etcd is now available for Red Hat OpenStack Platform.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: etcd is a highly-available key value store for shared configuration.
The following Important impact security fix(es) are applicable to Red Hat OpenStack Platform 17.0 (Wallaby), 16.2 (Train), and 16.1 (Train):
* Improve heuristics preventing CPU/memory abuse by parsing malicious or
large YAML documents (CVE-2022-3064)
As a result of being built by golang 1.18.9, the following Moderate impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
As a result of being built by golang 1.18.9, the following Low impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient EntropyAffected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
86 references
Acknowledgments
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
ADA Logics
Adam Korczynski
OSS-Fuzz
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for etcd is now available for Red Hat OpenStack Platform.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "etcd is a highly-available key value store for shared configuration.\n\nThe following Important impact security fix(es) are applicable to Red Hat OpenStack Platform 17.0 (Wallaby), 16.2 (Train), and 16.1 (Train):\n\n* Improve heuristics preventing CPU/memory abuse by parsing malicious or\nlarge YAML documents (CVE-2022-3064)\n\nAs a result of being built by golang 1.18.9, the following Moderate impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nAs a result of being built by golang 1.18.9, the following Low impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1275",
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2163037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1275.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update",
"tracking": {
"current_release_date": "2026-05-27T20:32:40+00:00",
"generator": {
"date": "2026-05-27T20:32:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1275",
"initial_release_date": "2023-03-15T19:58:09+00:00",
"revision_history": [
{
"date": "2023-03-15T19:58:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-15T19:58:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T20:32:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.1",
"product": {
"name": "Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.1::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-12.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-12.el8ost.src",
"product_id": "etcd-0:3.3.23-12.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-12.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-12.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-12.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-12.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-12.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-12.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-12.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-12.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-12.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-12.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-12.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-12.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-12.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-3064",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2163037"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHC package for Red Hat Enterprise Linux 9 mark as Low severity as we do ship the affected code but it\u0027s not easily exposed because YAML files are not parsed by RHC.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3064"
},
{
"category": "external",
"summary": "RHBZ#2163037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r",
"url": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5",
"url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4",
"url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-0956",
"url": "https://pkg.go.dev/vuln/GO-2022-0956"
}
],
"release_date": "2022-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:1529
Vulnerability from csaf_redhat - Published: 2023-03-30 00:42 - Updated: 2026-05-28 02:50Summary
Red Hat Security Advisory: Service Telemetry Framework 1.5 security update
Severity
Moderate
Notes
Topic: An update is now available for Service Telemetry Framework 1.5.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring.
Security Fix(es):
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
7.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.
6.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient EntropyAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 | — | ||
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 | — |
Threats
Impact
Moderate
References
100 references
Acknowledgments
Joël Gähwiler
ADA Logics
Adam Korczynski
OSS-Fuzz
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Service Telemetry Framework 1.5.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring.\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1529",
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2092544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092544"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2176537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176537"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1529.json"
}
],
"title": "Red Hat Security Advisory: Service Telemetry Framework 1.5 security update",
"tracking": {
"current_release_date": "2026-05-28T02:50:29+00:00",
"generator": {
"date": "2026-05-28T02:50:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1529",
"initial_release_date": "2023-03-30T00:42:39+00:00",
"revision_history": [
{
"date": "2023-03-30T00:42:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-30T00:42:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:50:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Service Telemetry Framework 1.5 for RHEL 8",
"product": {
"name": "Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stf:1.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"product": {
"name": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"product_id": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f?arch=amd64\u0026repository_url=registry.redhat.io/stf/prometheus-webhook-snmp-rhel8\u0026tag=1.5.2-2"
}
}
},
{
"category": "product_version",
"name": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"product": {
"name": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"product_id": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"product_identification_helper": {
"purl": "pkg:oci/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717?arch=amd64\u0026repository_url=registry.redhat.io/stf/service-telemetry-operator-bundle\u0026tag=1.5.1678301890-1"
}
}
},
{
"category": "product_version",
"name": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"product": {
"name": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"product_id": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0?arch=amd64\u0026repository_url=registry.redhat.io/stf/service-telemetry-rhel8-operator\u0026tag=1.5.1-2"
}
}
},
{
"category": "product_version",
"name": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"product": {
"name": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"product_id": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28?arch=amd64\u0026repository_url=registry.redhat.io/stf/sg-bridge-rhel8\u0026tag=1.5.0-12"
}
}
},
{
"category": "product_version",
"name": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"product": {
"name": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"product_id": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"product_identification_helper": {
"purl": "pkg:oci/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37?arch=amd64\u0026repository_url=registry.redhat.io/stf/sg-core-rhel8\u0026tag=5.1.1-2"
}
}
},
{
"category": "product_version",
"name": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"product": {
"name": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"product_id": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"product_identification_helper": {
"purl": "pkg:oci/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546?arch=amd64\u0026repository_url=registry.redhat.io/stf/smart-gateway-operator-bundle\u0026tag=5.0.1678301890-1"
}
}
},
{
"category": "product_version",
"name": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
"product": {
"name": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
"product_id": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
"product_identification_helper": {
"purl": "pkg:oci/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471?arch=amd64\u0026repository_url=registry.redhat.io/stf/smart-gateway-rhel8-operator\u0026tag=5.0.1-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64"
},
"product_reference": "stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64"
},
"product_reference": "stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64"
},
"product_reference": "stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64"
},
"product_reference": "stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
},
"product_reference": "stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64"
},
"product_reference": "stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
},
"product_reference": "stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"known_not_affected": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T00:42:39+00:00",
"details": "The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:a53c3dc5955a72913788a3eeda32f725b2f5ef6e893022cc358f20414eb5074f_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:617009676fbc385e222f144f79819b2cdcdafb28ae8674a53cdf8676f69d3717_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:f71352691d5e680eb09a67ef2e7208a40a10a0b781b451150ced7408dfc603d0_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:d42174e8f6fbc91666ee2d78483f362f4de3f0ea551ea6d2bf310dadb1b5ba28_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:f3ac213d5ff7470ad8a9175fa699033c5c2ee7cd6cf5eb5f4e081de00e94cd37_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:08209b33986a186c90ec84140c833fdd892358583d3a7cb8c73f4732fe210546_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9ea6481e460623bd551f5facb1d8cee105103ad380a32cb3efcc0714b60db471_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2167
Vulnerability from csaf_redhat - Published: 2023-05-09 09:50 - Updated: 2026-05-27 08:36Summary
Red Hat Security Advisory: grafana security and enhancement update
Severity
Moderate
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)
* grafana: using email as a username can block other users from signing in (CVE-2022-39229)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.
6.6 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.
4.3 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
37 references
Acknowledgments
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
ADA Logics
Adam Korczynski
OSS-Fuzz
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nSecurity Fix(es):\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)\n\n* grafana: using email as a username can block other users from signing in (CVE-2022-39229)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2167",
"url": "https://access.redhat.com/errata/RHSA-2023:2167"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2095421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095421"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "2127218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127218"
},
{
"category": "external",
"summary": "2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2167.json"
}
],
"title": "Red Hat Security Advisory: grafana security and enhancement update",
"tracking": {
"current_release_date": "2026-05-27T08:36:16+00:00",
"generator": {
"date": "2026-05-27T08:36:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:2167",
"initial_release_date": "2023-05-09T09:50:53+00:00",
"revision_history": [
{
"date": "2023-05-09T09:50:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T09:50:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:36:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-2.el9.src",
"product": {
"name": "grafana-0:9.0.9-2.el9.src",
"product_id": "grafana-0:9.0.9-2.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-2.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-2.el9.aarch64",
"product": {
"name": "grafana-0:9.0.9-2.el9.aarch64",
"product_id": "grafana-0:9.0.9-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.0.9-2.el9.aarch64",
"product": {
"name": "grafana-debugsource-0:9.0.9-2.el9.aarch64",
"product_id": "grafana-debugsource-0:9.0.9-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-2.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"product": {
"name": "grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"product_id": "grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-2.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-2.el9.ppc64le",
"product": {
"name": "grafana-0:9.0.9-2.el9.ppc64le",
"product_id": "grafana-0:9.0.9-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"product": {
"name": "grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"product_id": "grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-2.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"product": {
"name": "grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"product_id": "grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-2.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-2.el9.x86_64",
"product": {
"name": "grafana-0:9.0.9-2.el9.x86_64",
"product_id": "grafana-0:9.0.9-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.0.9-2.el9.x86_64",
"product": {
"name": "grafana-debugsource-0:9.0.9-2.el9.x86_64",
"product_id": "grafana-debugsource-0:9.0.9-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-2.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"product": {
"name": "grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"product_id": "grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-2.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-2.el9.s390x",
"product": {
"name": "grafana-0:9.0.9-2.el9.s390x",
"product_id": "grafana-0:9.0.9-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.0.9-2.el9.s390x",
"product": {
"name": "grafana-debugsource-0:9.0.9-2.el9.s390x",
"product_id": "grafana-debugsource-0:9.0.9-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-2.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.0.9-2.el9.s390x",
"product": {
"name": "grafana-debuginfo-0:9.0.9-2.el9.s390x",
"product_id": "grafana-debuginfo-0:9.0.9-2.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-2.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64"
},
"product_reference": "grafana-0:9.0.9-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le"
},
"product_reference": "grafana-0:9.0.9-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x"
},
"product_reference": "grafana-0:9.0.9-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-2.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src"
},
"product_reference": "grafana-0:9.0.9-2.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64"
},
"product_reference": "grafana-0:9.0.9-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.0.9-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64"
},
"product_reference": "grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.0.9-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le"
},
"product_reference": "grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.0.9-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x"
},
"product_reference": "grafana-debuginfo-0:9.0.9-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.0.9-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64"
},
"product_reference": "grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.0.9-2.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64"
},
"product_reference": "grafana-debugsource-0:9.0.9-2.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.0.9-2.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le"
},
"product_reference": "grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.0.9-2.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x"
},
"product_reference": "grafana-debugsource-0:9.0.9-2.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.0.9-2.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
},
"product_reference": "grafana-debugsource-0:9.0.9-2.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:50:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2167"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:50:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2167"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-35957",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2022-09-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2125514"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Escalation from admin to server admin when auth proxy is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-35957"
},
{
"category": "external",
"summary": "RHBZ#2125514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125514"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-35957",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35957"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:50:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2167"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Escalation from admin to server admin when auth proxy is used"
},
{
"cve": "CVE-2022-39229",
"discovery_date": "2022-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2131149"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: using email as a username can block other users from signing in",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39229"
},
{
"category": "external",
"summary": "RHBZ#2131149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39229"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:50:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2167"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: using email as a username can block other users from signing in"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:50:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2167"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.src",
"AppStream-9.2.0.GA:grafana-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debuginfo-0:9.0.9-2.el9.x86_64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.aarch64",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.s390x",
"AppStream-9.2.0.GA:grafana-debugsource-0:9.0.9-2.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
}
]
}
RHSA-2023:2177
Vulnerability from csaf_redhat - Published: 2023-05-09 10:11 - Updated: 2026-04-29 18:02Summary
Red Hat Security Advisory: grafana-pcp security and enhancement update
Severity
Moderate
Notes
Topic: An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
Security Fix(es):
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2177",
"url": "https://access.redhat.com/errata/RHSA-2023:2177"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2127038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127038"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2177.json"
}
],
"title": "Red Hat Security Advisory: grafana-pcp security and enhancement update",
"tracking": {
"current_release_date": "2026-04-29T18:02:43+00:00",
"generator": {
"date": "2026-04-29T18:02:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:2177",
"initial_release_date": "2023-05-09T10:11:13+00:00",
"revision_history": [
{
"date": "2023-05-09T10:11:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:11:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-29T18:02:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-1.el9.src",
"product": {
"name": "grafana-pcp-0:5.1.1-1.el9.src",
"product_id": "grafana-pcp-0:5.1.1-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-1.el9.aarch64",
"product": {
"name": "grafana-pcp-0:5.1.1-1.el9.aarch64",
"product_id": "grafana-pcp-0:5.1.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64",
"product_id": "grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-1.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-1.el9.ppc64le",
"product": {
"name": "grafana-pcp-0:5.1.1-1.el9.ppc64le",
"product_id": "grafana-pcp-0:5.1.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le",
"product_id": "grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-1.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-1.el9.x86_64",
"product": {
"name": "grafana-pcp-0:5.1.1-1.el9.x86_64",
"product_id": "grafana-pcp-0:5.1.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64",
"product_id": "grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-1.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-1.el9.s390x",
"product": {
"name": "grafana-pcp-0:5.1.1-1.el9.s390x",
"product_id": "grafana-pcp-0:5.1.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.s390x",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.s390x",
"product_id": "grafana-pcp-debugsource-0:5.1.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-1.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.aarch64"
},
"product_reference": "grafana-pcp-0:5.1.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.ppc64le"
},
"product_reference": "grafana-pcp-0:5.1.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.s390x"
},
"product_reference": "grafana-pcp-0:5.1.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.src"
},
"product_reference": "grafana-pcp-0:5.1.1-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.x86_64"
},
"product_reference": "grafana-pcp-0:5.1.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.s390x"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.aarch64",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.s390x",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.src",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.x86_64",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.s390x",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.aarch64",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.s390x",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.src",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.x86_64",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.s390x",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2177"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.aarch64",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.s390x",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.src",
"AppStream-9.2.0.GA:grafana-pcp-0:5.1.1-1.el9.x86_64",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.aarch64",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.s390x",
"AppStream-9.2.0.GA:grafana-pcp-debuginfo-0:5.1.1-1.el9.x86_64",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.aarch64",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.s390x",
"AppStream-9.2.0.GA:grafana-pcp-debugsource-0:5.1.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
}
]
}
RHSA-2023:2193
Vulnerability from csaf_redhat - Published: 2023-05-09 09:51 - Updated: 2026-05-11 14:40Summary
Red Hat Security Advisory: butane security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for butane is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition.
The following packages have been upgraded to a later upstream version: butane (0.16.0). (BZ#2135475)
Security Fix(es):
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for butane is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition.\n\nThe following packages have been upgraded to a later upstream version: butane (0.16.0). (BZ#2135475)\n\nSecurity Fix(es):\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2193",
"url": "https://access.redhat.com/errata/RHSA-2023:2193"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2135475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135475"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2193.json"
}
],
"title": "Red Hat Security Advisory: butane security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-11T14:40:44+00:00",
"generator": {
"date": "2026-05-11T14:40:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2023:2193",
"initial_release_date": "2023-05-09T09:51:30+00:00",
"revision_history": [
{
"date": "2023-05-09T09:51:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T09:51:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-11T14:40:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.16.0-1.el9.src",
"product": {
"name": "butane-0:0.16.0-1.el9.src",
"product_id": "butane-0:0.16.0-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.16.0-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.16.0-1.el9.aarch64",
"product": {
"name": "butane-0:0.16.0-1.el9.aarch64",
"product_id": "butane-0:0.16.0-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.16.0-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "butane-debugsource-0:0.16.0-1.el9.aarch64",
"product": {
"name": "butane-debugsource-0:0.16.0-1.el9.aarch64",
"product_id": "butane-debugsource-0:0.16.0-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debugsource@0.16.0-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "butane-debuginfo-0:0.16.0-1.el9.aarch64",
"product": {
"name": "butane-debuginfo-0:0.16.0-1.el9.aarch64",
"product_id": "butane-debuginfo-0:0.16.0-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debuginfo@0.16.0-1.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.16.0-1.el9.ppc64le",
"product": {
"name": "butane-0:0.16.0-1.el9.ppc64le",
"product_id": "butane-0:0.16.0-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.16.0-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "butane-debugsource-0:0.16.0-1.el9.ppc64le",
"product": {
"name": "butane-debugsource-0:0.16.0-1.el9.ppc64le",
"product_id": "butane-debugsource-0:0.16.0-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debugsource@0.16.0-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"product": {
"name": "butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"product_id": "butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debuginfo@0.16.0-1.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.16.0-1.el9.x86_64",
"product": {
"name": "butane-0:0.16.0-1.el9.x86_64",
"product_id": "butane-0:0.16.0-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.16.0-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "butane-debugsource-0:0.16.0-1.el9.x86_64",
"product": {
"name": "butane-debugsource-0:0.16.0-1.el9.x86_64",
"product_id": "butane-debugsource-0:0.16.0-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debugsource@0.16.0-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "butane-debuginfo-0:0.16.0-1.el9.x86_64",
"product": {
"name": "butane-debuginfo-0:0.16.0-1.el9.x86_64",
"product_id": "butane-debuginfo-0:0.16.0-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debuginfo@0.16.0-1.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.16.0-1.el9.s390x",
"product": {
"name": "butane-0:0.16.0-1.el9.s390x",
"product_id": "butane-0:0.16.0-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.16.0-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "butane-debugsource-0:0.16.0-1.el9.s390x",
"product": {
"name": "butane-debugsource-0:0.16.0-1.el9.s390x",
"product_id": "butane-debugsource-0:0.16.0-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debugsource@0.16.0-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "butane-debuginfo-0:0.16.0-1.el9.s390x",
"product": {
"name": "butane-debuginfo-0:0.16.0-1.el9.s390x",
"product_id": "butane-debuginfo-0:0.16.0-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debuginfo@0.16.0-1.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.16.0-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64"
},
"product_reference": "butane-0:0.16.0-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.16.0-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le"
},
"product_reference": "butane-0:0.16.0-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.16.0-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x"
},
"product_reference": "butane-0:0.16.0-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.16.0-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src"
},
"product_reference": "butane-0:0.16.0-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.16.0-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64"
},
"product_reference": "butane-0:0.16.0-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debuginfo-0:0.16.0-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64"
},
"product_reference": "butane-debuginfo-0:0.16.0-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debuginfo-0:0.16.0-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le"
},
"product_reference": "butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debuginfo-0:0.16.0-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x"
},
"product_reference": "butane-debuginfo-0:0.16.0-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debuginfo-0:0.16.0-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64"
},
"product_reference": "butane-debuginfo-0:0.16.0-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debugsource-0:0.16.0-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64"
},
"product_reference": "butane-debugsource-0:0.16.0-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debugsource-0:0.16.0-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le"
},
"product_reference": "butane-debugsource-0:0.16.0-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debugsource-0:0.16.0-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x"
},
"product_reference": "butane-debugsource-0:0.16.0-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debugsource-0:0.16.0-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64"
},
"product_reference": "butane-debugsource-0:0.16.0-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:51:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2193"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:51:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2193"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.src",
"AppStream-9.2.0.GA:butane-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debuginfo-0:0.16.0-1.el9.x86_64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.aarch64",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.s390x",
"AppStream-9.2.0.GA:butane-debugsource-0:0.16.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
}
]
}
RHSA-2023:2204
Vulnerability from csaf_redhat - Published: 2023-05-09 10:11 - Updated: 2026-05-27 08:36Summary
Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.
Security Fix(es):
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | ||
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — |
Threats
Impact
Moderate
References
52 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.\n\nSecurity Fix(es):\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2204",
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2119980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119980"
},
{
"category": "external",
"summary": "2122843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122843"
},
{
"category": "external",
"summary": "2123373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2123373"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2125249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125249"
},
{
"category": "external",
"summary": "2132250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132250"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2136504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136504"
},
{
"category": "external",
"summary": "2137364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137364"
},
{
"category": "external",
"summary": "2139645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139645"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2164560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164560"
},
{
"category": "external",
"summary": "2174158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174158"
},
{
"category": "external",
"summary": "2177699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177699"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2204.json"
}
],
"title": "Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-27T08:36:17+00:00",
"generator": {
"date": "2026-05-27T08:36:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:2204",
"initial_release_date": "2023-05-09T10:11:21+00:00",
"revision_history": [
{
"date": "2023-05-09T10:11:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:11:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:36:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.src",
"product": {
"name": "weldr-client-0:35.9-1.el9.src",
"product_id": "weldr-client-0:35.9-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "osbuild-0:81-1.el9.src",
"product": {
"name": "osbuild-0:81-1.el9.src",
"product_id": "osbuild-0:81-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild@81-1.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "cockpit-composer-0:45-1.el9_2.src",
"product": {
"name": "cockpit-composer-0:45-1.el9_2.src",
"product_id": "cockpit-composer-0:45-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-composer@45-1.el9_2?arch=src"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.src",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.src",
"product_id": "osbuild-composer-0:76-2.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-0:35.9-1.el9.s390x",
"product_id": "weldr-client-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-core-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-0:81-1.el9.noarch",
"product": {
"name": "osbuild-0:81-1.el9.noarch",
"product_id": "osbuild-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-luks2-0:81-1.el9.noarch",
"product": {
"name": "osbuild-luks2-0:81-1.el9.noarch",
"product_id": "osbuild-luks2-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-luks2@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-lvm2-0:81-1.el9.noarch",
"product": {
"name": "osbuild-lvm2-0:81-1.el9.noarch",
"product_id": "osbuild-lvm2-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-lvm2@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-ostree-0:81-1.el9.noarch",
"product": {
"name": "osbuild-ostree-0:81-1.el9.noarch",
"product_id": "osbuild-ostree-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-ostree@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-selinux-0:81-1.el9.noarch",
"product": {
"name": "osbuild-selinux-0:81-1.el9.noarch",
"product_id": "osbuild-selinux-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-selinux@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-osbuild-0:81-1.el9.noarch",
"product": {
"name": "python3-osbuild-0:81-1.el9.noarch",
"product_id": "python3-osbuild-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-osbuild@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "cockpit-composer-0:45-1.el9_2.noarch",
"product": {
"name": "cockpit-composer-0:45-1.el9_2.noarch",
"product_id": "cockpit-composer-0:45-1.el9_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-composer@45-1.el9_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-composer-0:45-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch"
},
"product_reference": "cockpit-composer-0:45-1.el9_2.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-composer-0:45-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src"
},
"product_reference": "cockpit-composer-0:45-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch"
},
"product_reference": "osbuild-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-0:81-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-0:81-1.el9.src"
},
"product_reference": "osbuild-0:81-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-luks2-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch"
},
"product_reference": "osbuild-luks2-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-lvm2-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch"
},
"product_reference": "osbuild-lvm2-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-ostree-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch"
},
"product_reference": "osbuild-ostree-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-selinux-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch"
},
"product_reference": "osbuild-selinux-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-osbuild-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
},
"product_reference": "python3-osbuild-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src"
},
"product_reference": "weldr-client-0:35.9-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2236
Vulnerability from csaf_redhat - Published: 2023-05-09 10:03 - Updated: 2026-05-11 14:40Summary
Red Hat Security Advisory: toolbox security and bug fix update
Severity
Moderate
Notes
Topic: An update for toolbox is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.
Security Fix(es):
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for toolbox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.\n\nSecurity Fix(es):\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2236",
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2033282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033282"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2163752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2236.json"
}
],
"title": "Red Hat Security Advisory: toolbox security and bug fix update",
"tracking": {
"current_release_date": "2026-05-11T14:40:47+00:00",
"generator": {
"date": "2026-05-11T14:40:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2023:2236",
"initial_release_date": "2023-05-09T10:03:47+00:00",
"revision_history": [
{
"date": "2023-05-09T10:03:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:03:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-11T14:40:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.src",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.src",
"product_id": "toolbox-0:0.0.99.3-9.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…