CVE-2023-39325 (GCVE-0-2023-39325)
Vulnerability from cvelistv5 – Published: 2023-10-11 21:15 – Updated: 2025-02-13 17:02 – CWE-400: Uncontrolled Resource Consumption
| Vendor | Product | Version |
|---|---|---|
| Go standard library | net/http | Affected: 0, < 1.20.10 (semver); Affected: 1.21.0-0, < 1.21.3 (semver) |
| golang.org/x/net | golang.org/x/net/http2 | Affected: 0, < 0.17.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534215"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534235"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2serverConn.serve"
},
{
"name": "http2serverConn.processHeaders"
},
{
"name": "http2serverConn.upgradeRequest"
},
{
"name": "http2serverConn.runHandler"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.Serve"
},
{
"name": "Server.ServeTLS"
},
{
"name": "http2Server.ServeConn"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.21.3",
"status": "affected",
"version": "1.21.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "serverConn.serve"
},
{
"name": "serverConn.processHeaders"
},
{
"name": "serverConn.upgradeRequest"
},
{
"name": "serverConn.runHandler"
},
{
"name": "Server.ServeConn"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.17.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T04:05:57.980Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/63417"
},
{
"url": "https://go.dev/cl/534215"
},
{
"url": "https://go.dev/cl/534235"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "HTTP/2 rapid reset can cause excessive work in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2023-39325",
"datePublished": "2023-10-11T21:15:02.727Z",
"dateReserved": "2023-07-27T17:05:55.188Z",
"dateUpdated": "2025-02-13T17:02:50.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-39325",
"date": "2026-06-04",
"epss": "0.0015",
"percentile": "0.3519"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-39325\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2023-10-11T22:15:09.880\",\"lastModified\":\"2024-11-21T08:15:09.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.\"},{\"lang\":\"es\",\"value\":\"Un cliente HTTP/2 malicioso que crea solicitudes r\u00e1pidamente y las restablece inmediatamente puede provocar un consumo excesivo de recursos del servidor. Si bien el n\u00famero total de solicitudes est\u00e1 limitado por la configuraci\u00f3n http2.Server.MaxConcurrentStreams, restablecer una solicitud en curso permite al atacante crear una nueva solicitud mientras la existente a\u00fan se est\u00e1 ejecutando. 
Con la soluci\u00f3n aplicada, los servidores HTTP/2 ahora vincularon el n\u00famero de rutinas de controlador que se ejecutan simult\u00e1neamente al l\u00edmite de concurrencia de transmisi\u00f3n (MaxConcurrentStreams). Las nuevas solicitudes que lleguen cuando se encuentre en el l\u00edmite (lo que solo puede ocurrir despu\u00e9s de que el cliente haya restablecido una solicitud existente en curso) se pondr\u00e1n en cola hasta que salga un controlador. Si la cola de solicitudes crece demasiado, el servidor finalizar\u00e1 la conexi\u00f3n. Este problema tambi\u00e9n se solucion\u00f3 en golang.org/x/net/http2 para los usuarios que configuran HTTP/2 manualmente. El l\u00edmite de simultaneidad de transmisiones predeterminado es 250 transmisiones (solicitudes) por conexi\u00f3n HTTP/2. Este valor se puede ajustar utilizando el paquete golang.org/x/net/http2; consulte la configuraci\u00f3n Server.MaxConcurrentStreams y la funci\u00f3n ConfigureServer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.20.0\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"99C776A5-1409-4638-AB9A-8A2B053DBFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncl
uding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.3\",\"matchCriteriaId\":\"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"D7D2F801-6F65-4705-BCB9-D057EA54A707\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E44A7B-F32A-43F2-B41A-CB3049100DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident_autosupport:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25008095-A75E-4E34-9538-61B6334BB0F9\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/534215\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"security@golang.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third 
Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing 
List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://go.dev/cl/534215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2023:5933
Vulnerability from csaf_redhat - Published: 2023-10-26 01:04 - Updated: 2026-06-05 00:58
CVE-2023-29406
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 | — | | |
CVE-2023-29409
A denial of service vulnerability was found in the Golang Go package, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client or server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 | — | | |
CVE-2023-39325
A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol. A client can repeatedly request a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while never reaching the server-side limit on the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' because the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability actively exploited. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 | — | | Workaround |
CVE-2023-44487
A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol. A client can repeatedly request a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while never reaching the server-side limit on the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' because the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability actively exploited. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.
Security Bulletin: https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 | — | | Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.3\n\nAn update for secondary-scheduler-operator-bundle-container and secondary-scheduler-operator-container is now available for OSSO-1.1-RHEL-8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.3\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5933",
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "WRKLDS-878",
"url": "https://issues.redhat.com/browse/WRKLDS-878"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5933.json"
}
],
"title": "Red Hat Security Advisory: Openshift Secondary Scheduler Operator 1.1.3 security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:12+00:00",
"generator": {
"date": "2026-06-05T00:58:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5933",
"initial_release_date": "2023-10-26T01:04:37+00:00",
"revision_history": [
{
"date": "2023-10-26T01:04:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-26T21:11:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OSSO 1.1 for RHEL 8",
"product": {
"name": "OSSO 1.1 for RHEL 8",
"product_id": "8Base-OSSO-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8"
}
}
}
],
"category": "product_family",
"name": "Openshift Secondary Scheduler Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"product": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"product_id": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle\u0026tag=v1.1-34"
}
}
},
{
"category": "product_version",
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64",
"product": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64",
"product_id": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8\u0026tag=v1.1-37"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 as a component of OSSO 1.1 for RHEL 8",
"product_id": "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
},
"product_reference": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"relates_to_product_reference": "8Base-OSSO-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 as a component of OSSO 1.1 for RHEL 8",
"product_id": "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
},
"product_reference": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64",
"relates_to_product_reference": "8Base-OSSO-1.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T01:04:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T01:04:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T01:04:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T01:04:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5935
Vulnerability from csaf_redhat - Published: 2023-10-19 16:50 - Updated: 2026-06-05 00:58

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — | | Vendor Fix |
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — | | Vendor Fix |
A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — | | Vendor Fix |
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — | | Vendor Fix |
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — | | Vendor Fix |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — | | Vendor Fix, Workaround |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — | | Vendor Fix, Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2.5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n\n* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5935",
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5935.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:22+00:00",
"generator": {
"date": "2026-06-05T00:58:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5935",
"initial_release_date": "2023-10-19T16:50:07+00:00",
"revision_history": [
{
"date": "2023-10-19T16:50:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-19T16:50:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"product": {
"name": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"product_id": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8/osp-director-agent\u0026tag=1.3.0-10"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"product": {
"name": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"product_id": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8/osp-director-downloader\u0026tag=1.3.0-11"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"product": {
"name": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"product_id": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle\u0026tag=1.3.0-19"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64",
"product": {
"name": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64",
"product_id": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8/osp-director-operator\u0026tag=1.3.0-9"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64"
},
"product_reference": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64"
},
"product_reference": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64"
},
"product_reference": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
},
"product_reference": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2022-41725",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178488"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41725"
},
{
"category": "external",
"summary": "RHBZ#2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725"
},
{
"category": "external",
"summary": "https://go.dev/cl/468124",
"url": "https://go.dev/cl/468124"
},
{
"category": "external",
"summary": "https://go.dev/issue/58006",
"url": "https://go.dev/issue/58006"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1569",
"url": "https://pkg.go.dev/vuln/GO-2023-1569"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption"
},
{
"cve": "CVE-2023-24532",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2023-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2223355"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24532"
},
{
"category": "external",
"summary": "RHBZ#2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532"
},
{
"category": "external",
"summary": "https://go.dev/cl/471255",
"url": "https://go.dev/cl/471255"
},
{
"category": "external",
"summary": "https://go.dev/issue/58647",
"url": "https://go.dev/issue/58647"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY",
"url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1621",
"url": "https://pkg.go.dev/vuln/GO-2023-1621"
}
],
"release_date": "2023-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5947
Vulnerability from csaf_redhat - Published: 2023-10-26 00:47 - Updated: 2026-06-05 00:58
A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | |
A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if executed with untrusted input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix, Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | Workaround |
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix, Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | Workaround |
A flaw was found in golang. Templates containing actions in unquoted HTML attributes (for example, "attr={{.}}") executed with empty input could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix, Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | Workaround |
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | |
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | |
A flaw was found in Golang. The html/template package did not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | |
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | |
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | |
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix, Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | Workaround |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — | | Vendor Fix, Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | | Workaround |
| 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — | | Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for run-once-duration-override-container, run-once-duration-override-operator-bundle-container, and run-once-duration-override-operator-container is now available for RODOO-1.0-RHEL-8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Run Once Duration Override Operator for Red Hat OpenShift is an optional\noperator that makes it possible to override activeDeadlineSecondsOverride\nfield during pod admission.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)\n\n* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532)\n\n* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)\n\n* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5947",
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2196026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
},
{
"category": "external",
"summary": "2196027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
},
{
"category": "external",
"summary": "2196029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "OCPBUGS-20489",
"url": "https://issues.redhat.com/browse/OCPBUGS-20489"
},
{
"category": "external",
"summary": "WRKLDS-780",
"url": "https://issues.redhat.com/browse/WRKLDS-780"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5947.json"
}
],
"title": "Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.0.1 security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:22+00:00",
"generator": {
"date": "2026-06-05T00:58:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5947",
"initial_release_date": "2023-10-26T00:47:43+00:00",
"revision_history": [
{
"date": "2023-10-26T00:47:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-26T00:47:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RODOO 1.0 for RHEL 8",
"product": {
"name": "RODOO 1.0 for RHEL 8",
"product_id": "8Base-RODOO-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Run Once Duration Override Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64",
"product": {
"name": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64",
"product_id": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43?arch=amd64\u0026repository_url=registry.redhat.io/run-once-duration-override-operator/run-once-duration-override-rhel8\u0026tag=v1.0-30"
}
}
},
{
"category": "product_version",
"name": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"product": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"product_id": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6?arch=amd64\u0026repository_url=registry.redhat.io/run-once-duration-override-operator/run-once-duration-override-operator-bundle\u0026tag=v1.0-20"
}
}
},
{
"category": "product_version",
"name": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"product": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"product_id": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b?arch=amd64\u0026repository_url=registry.redhat.io/run-once-duration-override-operator/run-once-duration-override-operator-rhel8\u0026tag=v1.0-25"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 as a component of RODOO 1.0 for RHEL 8",
"product_id": "8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64"
},
"product_reference": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"relates_to_product_reference": "8Base-RODOO-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 as a component of RODOO 1.0 for RHEL 8",
"product_id": "8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
},
"product_reference": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"relates_to_product_reference": "8Base-RODOO-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 as a component of RODOO 1.0 for RHEL 8",
"product_id": "8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
},
"product_reference": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64",
"relates_to_product_reference": "8Base-RODOO-1.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24532",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2023-07-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2223355"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24532"
},
{
"category": "external",
"summary": "RHBZ#2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532"
},
{
"category": "external",
"summary": "https://go.dev/cl/471255",
"url": "https://go.dev/cl/471255"
},
{
"category": "external",
"summary": "https://go.dev/issue/58647",
"url": "https://go.dev/issue/58647"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY",
"url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1621",
"url": "https://pkg.go.dev/vuln/GO-2023-1621"
}
],
"release_date": "2023-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-24539",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196026"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a \u0027/\u0027 character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if executed with untrusted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper sanitization of CSS values",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore, the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24539"
},
{
"category": "external",
"summary": "RHBZ#2196026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/59720",
"url": "https://github.com/golang/go/issues/59720"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper sanitization of CSS values"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-24540",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196027"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of JavaScript whitespace",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any JavaScript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore, the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24540"
},
{
"category": "external",
"summary": "RHBZ#2196027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540"
},
{
"category": "external",
"summary": "https://go.dev/issue/59721",
"url": "https://go.dev/issue/59721"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: html/template: improper handling of JavaScript whitespace"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-29400",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196029"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes (for example, \"attr={{.}}\") executed with empty input could produce output that is parsed unexpectedly due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of empty HTML attributes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn OpenShift Container Platform and Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users, reducing the impact to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29400"
},
{
"category": "external",
"summary": "RHBZ#2196029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400"
},
{
"category": "external",
"summary": "https://go.dev/issue/59722",
"url": "https://go.dev/issue/59722"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of empty HTML attributes"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where the HTTP/1 client in net/http did not properly validate the contents of the Host header, allowing HTTP header injection. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HTML-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD.\nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message. While HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity. Also, in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data, which might be rejected altogether as per the TLS RFC specification. Therefore, because of the lower-severity denial of service and conditions that are beyond the attacker\u0027s control, we have marked this as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service. Given the single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, which is out of an attacker\u0027s control, this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang packages as build-time dependencies, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs Go vendors its dependencies, a package may contain a library with a known vulnerability solely because lower-tier libraries include it as part of their dependencies, while the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang packages as build-time dependencies, which is why they are classified as having a \"Moderate\" level of impact.\n\nThe rhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5950
Vulnerability from csaf_redhat - Published: 2023-10-19 22:22 - Updated: 2026-06-05 00:58
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64 | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64 | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64 | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64 | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64 | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64 | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64 | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64 | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le | — | | Vendor Fix; Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Service Mesh 2.2 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5950",
"url": "https://access.redhat.com/errata/RHSA-2023:5950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "OSSM-5021",
"url": "https://issues.redhat.com/browse/OSSM-5021"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5950.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh for 2.2.11 security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:34+00:00",
"generator": {
"date": "2026-06-05T00:58:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5950",
"initial_release_date": "2023-10-19T22:22:20+00:00",
"revision_history": [
{
"date": "2023-10-19T22:22:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-19T22:22:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.2 for RHEL 8",
"product": {
"name": "RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.11-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.11-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.11-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.11-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.11-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.11-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.11-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.11-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.11-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.11-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.11-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.11-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.11-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.11-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.11-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.11-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.11-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.11-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.11-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.11-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.11-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T22:22:20+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5950"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:7f58375b39ee7ed44fb1bd351f55057929fe94cc973cfae52336a3a23245308a_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8c32a706594a914ea07519d8b8181af80d7d63f8ae16cdff00552e9bde3e04a4_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:a43e967f356eb8c3dfa082752045b4f3d3e4accaf539825487c3d9dc222e89be_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:1be9910498fad81c5f75b549888a1848a72025de76c7077319d88c2c01810307_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3acabc42f763763a0dd787b847b95cc851cfe1e8d0ef23e29149a406c926a5f1_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a22df732e77a5352f63c9043dc07d0ebc21aa13322d809d36c23967a748671bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:1d4de29ba184fba74c0a20228f02731480e08804f173f04e1c23dba55811de32_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a32af0e0ea904a63369444e1de9075941cda6268b6c1f3e129a2aafb2892efb_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:8c93aafd4c2424e8cf5065aca72eae6b4fd13c701deccaa37f1c4bf241802dae_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:957d12face152b24cf0dfbb965b3091ea75eb968e1041079986ac84ca39ed076_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d9dd763fbb43bd1db2b5c59a921b532d898dd2029c2d149fc6a3839546b30ed5_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:e24e22e9155184d5140fb3bbea77ac91908505796f55811b4800e75445f7a20e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1233216c4378bcf01dc9673856d34439ad254f3fcdc1acb584d6abe4de550da8_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:319e5911c349cd8613d6a8b429b9402a7cebfcd0d7175e0bef449f0eb305643b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7a2cca59e90e285eccf4f0b46786c0e653dd803091a35c3a751d12bcffe8c817_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:4a9dcc95179300d844f62e30f667965e62a86a850fd3417f422d2f72d5a8ccf5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b4a6cfe137c2fc858609f5e0bd3305cd0c8f4ad054d601f603b9d39ce335144_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f1975242cf74fe2d6ab0908e04e4ea5b33c32e09112b7ef58640436e677ac9b9_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:23478091aeaeb3d161af0925a9b51d8b9684d08e3b3ce28f46c922c99d454b43_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:7d529995fe3512ce543cc612717c8c7af34a57447620e5abd749de0456a30a47_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:b429f0c68834e5e6dd95e9b9396980ed789302e3ab756decf00a18d9bc94a74b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0917002c2854e6161df80644db34e7908fd9522e56ab1a8e8865d0f4859c8880_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:e99c2da16e42573a7684c7a36ba5eafbc58101ce25c321602bac9926f37a5a28_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:f230fe266302fde1ec9e793e8598d34a8e6814ee1641eacfb526cf67badd6642_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
}
]
}
RHSA-2023:5951
Vulnerability from csaf_redhat - Published: 2023-10-19 22:22 - Updated: 2026-06-05 00:58

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64 | — | | Vendor Fix (fix); Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Service Mesh 2.3 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5951",
"url": "https://access.redhat.com/errata/RHSA-2023:5951"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242010"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "OSSM-4996",
"url": "https://issues.redhat.com/browse/OSSM-4996"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5951.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh for 2.3.8 security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:37+00:00",
"generator": {
"date": "2026-06-05T00:58:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5951",
"initial_release_date": "2023-10-19T22:22:22+00:00",
"revision_history": [
{
"date": "2023-10-19T22:22:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-19T22:22:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.3 for RHEL 8",
"product": {
"name": "RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.13-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.8-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.13-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.8-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.13-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.8-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.8-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.8-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T22:22:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5951"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:4e67414dfcc88b3f94dca8ee7fe62d03ac3d138b18f5f6574713dc9bb809d3ff_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:66bdf543e17fe026a5b720087682d33a492a84bfd5b3c717fbbc30535a6a4c4d_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:f29b28ae92405e632bf63dbb6566c04073a62ef446ea9bca584265a8f3353013_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:344e639a1b16c36a70d09e4d10f6a1ab4804f01de8ff3bd6c60d1030a8090911_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:750f4b83ce44dd47d27439e087611e3c399710ebb0ea33765b3c83182d18e396_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:d7152f40deaa38d416cd653455ac20b802490f84bc79024f54956a380bb02055_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:2427a853c9389bb114156fa27486d212ccd78de225f4142e5532842e253d9c37_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6cd43ff321e7f85117b3bf03917a4482b1407b902969b4bf9eb1df5deae5c61_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:d76e482f8630a923c7242a594d213456e03cfafd60c46b13d45b54feae948f10_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:2cabeb129d785a02781cf55f7f2d51ab61803aeceab8631f629ea28d67e87619_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:32413bff489fcc1bee1429f7961afc952a7ee14dc85c9be09595bd904748c351_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ceb2befd459e5d0dbe11d8bf7f5300ea22e652c470d03527a67889aede1727cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:7c8cc5ef1661c3251218c018ac22d12ef01d5131c97f892b56e73e7bc156e191_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:dbdcbcc8418a1e72b5334e3d44a2335f83c8e7f9fe81be75ab4d0590ec3fd771_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:fd3c33346c04944302b8bb4a17a271f5d972477cbe7ccfe6b4a2978cade0471d_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:806004d0539858a2186d68044f2e745a317de9f1ebc2b2b62bc2090fec5ad246_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:c6e94904608cbb391c0ffb2a8822141137f17c0278edc2d0272cadb80e905dd3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:f6a56e4cf0ede7181179dcbb76bfc01cecb70b8888abc0366b0a7fd5c70d29c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:087c8e702374130c2b615a094be1c0b9b8f317e9266c8b8b4d043449d2cb64d9_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:983e1408faa6fc6a7f5494b817fe35fd67e897a0d06e206a0e6a931df92d7be7_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:a4995e0d3dd1670c973df461230df237151b385a91a67dfe6f671fae77d2b9e2_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:3d49622cf676691f77379b8aae6622297ff2ac8e0a1e1031dd94d531fcc0613d_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:8c893e92950f88e4bad45a278b12570d5e91f6e28b038f0f30778d6b3f11a3e4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:b47bafddc9df4e933ee3cc620b87bc1fef140455fde9329c642850836d6b760d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
}
]
}
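The advisory text above describes the attack in protocol terms (open a stream, cancel it at once with RST_STREAM, repeat) and the workaround names the knob (Server.MaxConcurrentStreams through http2.ConfigureServer in golang.org/x/net/http2) without showing why a plain stream limit does not stop Rapid Reset. The Go program below is an added example, not Red Hat's advisory data and not code from the Go project. It models a single server-side HTTP/2 connection and compares two ways of charging an incoming HEADERS frame against the 250-stream default quoted in the workaround: counting protocol-open streams, which a client-sent RST_STREAM lowers immediately, versus counting request handlers that are still running, which it cannot. The type and function names (ConnState, RapidResetBurst, Simulate) are this example's own, and it simplifies in one respect that is an assumption rather than a description of the fix: it refuses streams over the handler limit outright, whereas the patched Go servers defer starting the new handler until a running one exits.

```go
package main

import "fmt"

// Frame kinds that matter for Rapid Reset; real HTTP/2 has more.
type FrameType int

const (
	Headers   FrameType = iota // client opens a new stream
	RstStream                  // client cancels a stream
)

// Frame is a minimal stand-in for an HTTP/2 frame header.
type Frame struct {
	Type     FrameType
	StreamID uint32
}

// Result summarises what one client burst cost the server.
type Result struct {
	HandlersStarted int // handlers the client forced the server to start
	HandlersRunning int // handlers still running when the burst ended
	Refused         int // HEADERS frames that got no handler
}

// ConnState models one server-side HTTP/2 connection (example type, not the
// real net/http or x/net/http2 server state).
type ConnState struct {
	MaxConcurrentStreams int  // SETTINGS value; the advisory quotes a Go default of 250
	CountHandlers        bool // false: charge open streams; true: charge running handlers
	open                 map[uint32]bool
	running              map[uint32]bool
	result               Result
}

func NewConn(max int, countHandlers bool) *ConnState {
	return &ConnState{
		MaxConcurrentStreams: max,
		CountHandlers:        countHandlers,
		open:                 map[uint32]bool{},
		running:              map[uint32]bool{},
	}
}

// Process applies one client frame to the connection.
func (c *ConnState) Process(f Frame) {
	switch f.Type {
	case Headers:
		// Stream accounting asks "how many streams are open?"; the attacker keeps
		// that near zero by resetting every stream at once. Handler accounting asks
		// "how many handlers are still working?", which a RST_STREAM cannot lower.
		inFlight := len(c.open)
		if c.CountHandlers {
			inFlight = len(c.running)
		}
		if inFlight >= c.MaxConcurrentStreams {
			c.result.Refused++
			return
		}
		c.open[f.StreamID] = true
		c.running[f.StreamID] = true // a handler goroutine starts here
		c.result.HandlersStarted++
	case RstStream:
		// The stream closes at the protocol level, but the handler serving it is
		// still running: cancellation is a signal to it, not an instant teardown.
		delete(c.open, f.StreamID)
	}
}

// HandlerDone records that a handler actually returned and freed its slot.
func (c *ConnState) HandlerDone(streamID uint32) { delete(c.running, streamID) }

// Summary reports the cost of everything processed so far.
func (c *ConnState) Summary() Result {
	c.result.HandlersRunning = len(c.running)
	return c.result
}

// RapidResetBurst builds the attacker's frame sequence: n streams, each opened
// and cancelled back-to-back, so at most one stream is ever open. Constructed
// input for this example; client-initiated stream IDs are odd.
func RapidResetBurst(n int) []Frame {
	frames := make([]Frame, 0, 2*n)
	for i := 0; i < n; i++ {
		id := uint32(2*i + 1)
		frames = append(frames, Frame{Headers, id}, Frame{RstStream, id})
	}
	return frames
}

// Simulate feeds a burst to a fresh connection with the chosen accounting and
// returns how much work the server committed to. No handler finishes during
// the burst, which is the attacker's intent.
func Simulate(burst []Frame, max int, countHandlers bool) Result {
	c := NewConn(max, countHandlers)
	for _, f := range burst {
		c.Process(f)
	}
	return c.Summary()
}

func main() {
	burst := RapidResetBurst(10000)
	fmt.Printf("stream accounting:  %+v\n", Simulate(burst, 250, false))
	fmt.Printf("handler accounting: %+v\n", Simulate(burst, 250, true))
}
```

In the stream-accounting run every one of the 10000 HEADERS frames starts a handler while the open-stream count never reaches the limit, which is the "excessive work" the summary refers to; in the handler-accounting run the server stops at 250 running handlers and the remaining 9750 frames are refused, and capacity is only returned by HandlerDone, so the limit actually binds the work rather than the protocol state.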
RHSA-2023:5952
Vulnerability from csaf_redhat - Published: 2023-10-19 22:22 - Updated: 2026-06-05 00:58
A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64 | — | | Vendor Fix |
A flaw was found in Moby BuildKit. When a build is performed under specific conditions in which credentials were passed to BuildKit, those credentials may be visible to anyone with access to the resulting provenance attestation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol. A client can repeatedly request a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. The server still does the work of setting up and tearing down each stream, yet the connection never reaches the server-side limit on the maximum number of active streams, so the resulting resource consumption causes a denial of service. Red Hat has rated the severity of this flaw as 'Important' because the US Cybersecurity and Infrastructure Security Agency (CISA) has declared this vulnerability to be actively exploited. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: 8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64 | — | | Vendor Fix; fix; Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Service Mesh 2.4 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)\n\n* buildkit: Data disclosure in provenance attestation describing a build (CVE-2023-26054)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5952",
"url": "https://access.redhat.com/errata/RHSA-2023:5952"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "1982681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982681"
},
{
"category": "external",
"summary": "2176447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176447"
},
{
"category": "external",
"summary": "2242010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242010"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "OSSM-3771",
"url": "https://issues.redhat.com/browse/OSSM-3771"
},
{
"category": "external",
"summary": "OSSM-4851",
"url": "https://issues.redhat.com/browse/OSSM-4851"
},
{
"category": "external",
"summary": "OSSM-4873",
"url": "https://issues.redhat.com/browse/OSSM-4873"
},
{
"category": "external",
"summary": "OSSM-4957",
"url": "https://issues.redhat.com/browse/OSSM-4957"
},
{
"category": "external",
"summary": "OSSM-4963",
"url": "https://issues.redhat.com/browse/OSSM-4963"
},
{
"category": "external",
"summary": "OSSM-5022",
"url": "https://issues.redhat.com/browse/OSSM-5022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5952.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh for 2.4.4 security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:38+00:00",
"generator": {
"date": "2026-06-05T00:58:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5952",
"initial_release_date": "2023-10-19T22:22:44+00:00",
"revision_history": [
{
"date": "2023-10-19T22:22:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-19T22:22:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.4 for RHEL 8",
"product": {
"name": "RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.4-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.9-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.65.9-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.4-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.4-2"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.4-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.9-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.65.9-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.4-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.4-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.4-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.9-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.65.9-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.4-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.4-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.4-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.9-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.65.9-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.4-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.4-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.4-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"distros"
],
"organization": "distros"
}
],
"cve": "CVE-2021-32760",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1982681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host\u2019s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containerd: pulling and extracting crafted container image may result in Unix file permission changes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-32760"
},
{
"category": "external",
"summary": "RHBZ#1982681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32760"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32760",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32760"
}
],
"release_date": "2021-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T22:22:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "containerd: pulling and extracting crafted container image may result in Unix file permission changes"
},
{
"cve": "CVE-2023-26054",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2176447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in moby BuildKit. When a build is performed under specific conditions in which credentials were passed to BuildKit, those credentials may be visible to everyone with access to the build\u0027s provenance attestation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "buildkit: Data disclosure in provenance attestation describing a build",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26054"
},
{
"category": "external",
"summary": "RHBZ#2176447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26054"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26054",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26054"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc"
}
],
"release_date": "2023-03-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T22:22:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "buildkit: Data disclosure in provenance attestation describing a build"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T22:22:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5952"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
}
]
}
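The `description` note and the `workaround` remediation above explain the mechanism: every HEADERS frame starts a request handler, the RST_STREAM that follows frees the client-visible stream slot at once, and so the per-connection `MaxConcurrentStreams` limit (250 by default in Go) is never reached while the handlers keep running. The Go fix referenced above (GO-2023-2102) instead bounds the number of executing handlers to `MaxConcurrentStreams`, queues requests that arrive at the limit (which can only happen after the client reset in-flight streams) and closes the connection when that queue grows too large. The following Go program is an added example written for this page, not code from net/http, x/net or Red Hat: it is a deterministic model of one server connection's stream accounting with the vulnerable and hardened variants side by side. The `Conn` type, its methods, and the queue bound `MaxQueue = 4 * MaxConcurrentStreams` are assumptions of the model; the real server picks its own bound.

```go
package main

import (
	"errors"
	"fmt"
)

// Errors the model returns to the "client".
var (
	ErrConnClosed    = errors.New("connection closed by server: too many queued requests")
	ErrRefusedStream = errors.New("REFUSED_STREAM: SETTINGS_MAX_CONCURRENT_STREAMS exceeded")
)

// Conn is a deterministic model of one server-side HTTP/2 connection
// (assumed structure for this example, not net/http's implementation).
type Conn struct {
	MaxConcurrentStreams int  // advertised SETTINGS_MAX_CONCURRENT_STREAMS (Go default: 250)
	Hardened             bool // false: count open streams only; true: also bound running handlers
	MaxQueue             int  // hardened only: queue length that triggers teardown (assumed 4*max)

	open      map[uint32]bool // streams the client has not reset yet
	running   map[uint32]bool // handlers executing, whether or not their stream was reset
	cancelled map[uint32]bool // streams reset by the client; queued ones are skipped lazily
	queued    []uint32        // hardened only: requests waiting for a handler slot

	HandlersStarted int  // handler goroutines the server would have spawned so far
	Closed          bool // server tore the connection down
}

func NewConn(maxStreams int, hardened bool) *Conn {
	return &Conn{
		MaxConcurrentStreams: maxStreams,
		Hardened:             hardened,
		MaxQueue:             4 * maxStreams, // assumption of the model
		open:                 map[uint32]bool{},
		running:              map[uint32]bool{},
		cancelled:            map[uint32]bool{},
	}
}

// Headers is the client opening stream id (a HEADERS frame carrying a request).
func (c *Conn) Headers(id uint32) error {
	if c.Closed {
		return ErrConnClosed
	}
	// Protocol-level limit, enforced in both variants. It counts only streams the
	// client still considers open, which is exactly what RST_STREAM sidesteps.
	if len(c.open) >= c.MaxConcurrentStreams {
		return ErrRefusedStream
	}
	c.open[id] = true
	if !c.Hardened || len(c.running) < c.MaxConcurrentStreams {
		c.startHandler(id) // vulnerable: always; hardened: only while a slot is free
		return nil
	}
	// Hardened and at the handler limit: queue the request, tear down if the queue grows too large.
	c.queued = append(c.queued, id)
	if len(c.queued) > c.MaxQueue {
		c.Closed = true
		return ErrConnClosed
	}
	return nil
}

func (c *Conn) startHandler(id uint32) {
	c.running[id] = true
	c.HandlersStarted++
}

// Reset is the client cancelling stream id (an RST_STREAM frame). The client-visible
// slot is freed immediately; a handler already started keeps running until it finishes.
func (c *Conn) Reset(id uint32) {
	if c.Closed {
		return
	}
	delete(c.open, id)
	c.cancelled[id] = true
}

// HandlerDone is the handler for stream id finishing. In the hardened variant the
// freed slot admits the next queued request that was not cancelled in the meantime.
func (c *Conn) HandlerDone(id uint32) {
	delete(c.running, id)
	delete(c.cancelled, id)
	for len(c.queued) > 0 && len(c.running) < c.MaxConcurrentStreams {
		next := c.queued[0]
		c.queued = c.queued[1:]
		if c.cancelled[next] {
			delete(c.cancelled, next)
			continue
		}
		c.startHandler(next)
	}
}

func (c *Conn) RunningHandlers() int { return len(c.running) }
func (c *Conn) QueuedRequests() int  { return len(c.queued) }

// RapidReset drives the attack: open a stream and reset it immediately, n times, while
// no handler ever finishes (a slow backend). It returns how many handlers the server
// started and the error that stopped the loop, if any.
func RapidReset(c *Conn, n int) (int, error) {
	for i := 0; i < n; i++ {
		id := uint32(2*i + 1) // client-initiated stream IDs are odd
		if err := c.Headers(id); err != nil {
			return c.HandlersStarted, err
		}
		c.Reset(id)
	}
	return c.HandlersStarted, nil
}

func main() {
	for _, hardened := range []bool{false, true} {
		c := NewConn(250, hardened)
		started, err := RapidReset(c, 100000)
		fmt.Printf("hardened=%-5v handlers started=%6d running=%6d queued=%5d err=%v\n",
			hardened, started, c.RunningHandlers(), c.QueuedRequests(), err)
	}
}
```

Run as is, the vulnerable connection starts one handler per reset stream (100000 for 100000 resets) without ever tripping the 250-stream limit, while the hardened one stops at 250 running handlers and closes the connection once the queue of reset-then-replaced requests exceeds its bound. In a real Go service the knob the workaround note refers to is `http2.Server.MaxConcurrentStreams` applied through `http2.ConfigureServer`; lowering it shrinks the per-connection work an attacker can trigger but does not change the accounting, so the patched Go or golang.org/x/net release is still required.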
RHSA-2023:5964
Vulnerability from csaf_redhat - Published: 2023-10-20 14:54 - Updated: 2026-06-05 00:58
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — | | Vendor Fix (fix) |
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — | | Vendor Fix (fix) |
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — | | Vendor Fix (fix) |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — | | Vendor Fix (fix) |
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — | | Vendor Fix (fix); Workaround |
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — | | Vendor Fix (fix); Workaround |
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as JavaScript string delimiters. By sending a specially crafted request, an attacker can execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — | | Vendor Fix (fix); Workaround |
CVE-2023-29409 (golang: crypto/tls: slow verification of certificate chains containing large RSA keys). A denial of service vulnerability was found in Go's crypto/tls package, caused by uncontrolled resource consumption. A remote attacker who presents a specially crafted certificate chain containing large RSA keys, or persuades a victim to use one, can make a TLS client or server expend significant CPU time verifying signatures, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2 | 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | 1.0.4-5.el8ost | Vendor Fix (RHSA-2023:5964) |
| collectd-libpod-stats-0:1.0.4-5.el8ost.src as a component of Red Hat OpenStack Platform 16.2 | 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | 1.0.4-5.el8ost | Vendor Fix (RHSA-2023:5964) |
| collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2 | 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | 1.0.4-5.el8ost | Vendor Fix (RHSA-2023:5964) |
CVE-2023-39325 (golang: net/http, x/net/http2: rapid stream resets can cause excessive work). A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol. A client can repeatedly request a new stream and immediately send an RST_STREAM frame to cancel it. The server still does the work of setting up and tearing down each stream, but a cancelled stream no longer counts as active, so the client never hits the server-side limit on the maximum number of active streams per connection; the result is a denial of service through server resource consumption. Red Hat has rated this flaw Important because the US Cybersecurity and Infrastructure Security Agency (CISA) reported it as actively exploited. CVE-2023-39325 was assigned to the Rapid Reset Attack as it affects the Go net/http and golang.org/x/net/http2 packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2 | 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | 1.0.4-5.el8ost | Vendor Fix (RHSA-2023:5964); Workaround |
| collectd-libpod-stats-0:1.0.4-5.el8ost.src as a component of Red Hat OpenStack Platform 16.2 | 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | 1.0.4-5.el8ost | Vendor Fix (RHSA-2023:5964); Workaround |
| collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2 | 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | 1.0.4-5.el8ost | Vendor Fix (RHSA-2023:5964); Workaround |
CVE-2023-44487 (HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)). This is the protocol-level identifier for the same flaw in HTTP/2 multiplexed stream handling: a client repeatedly opens a new stream and immediately cancels it with an RST_STREAM frame, forcing the server to set up and tear down streams without ever reaching the per-connection limit on active streams, resulting in a denial of service through server resource consumption. Red Hat has rated this flaw Important because the US Cybersecurity and Infrastructure Security Agency (CISA) reported it as actively exploited. The Go-specific instance in net/http and golang.org/x/net/http2 is tracked as CVE-2023-39325. Security Bulletin: https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2 | 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | 1.0.4-5.el8ost | Vendor Fix (RHSA-2023:5964); Workaround |
| collectd-libpod-stats-0:1.0.4-5.el8ost.src as a component of Red Hat OpenStack Platform 16.2 | 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | 1.0.4-5.el8ost | Vendor Fix (RHSA-2023:5964); Workaround |
| collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2 | 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | 1.0.4-5.el8ost | Vendor Fix (RHSA-2023:5964); Workaround |
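Both Rapid Reset entries above are fixed for this package by rebuilding collectd-libpod-stats with a patched Go toolchain and golang.org/x/net, so the practical question for anyone operating Go services is which deployed binaries were built before that fix. The Go program below is an added example, not part of this advisory or of the package: it reads the build metadata the Go linker embeds in every binary (the same data `go version -m <binary>` prints) and flags a toolchain older than Go 1.20.10 / 1.21.3 or a golang.org/x/net module older than v0.17.0, the fixed versions published in the upstream Go vulnerability report GO-2023-2102. Treating a pre-release such as go1.21rc4 as affected is the example's own conservative assumption.

```go
// Added example: check compiled Go binaries for the CVE-2023-39325 fix level.
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"regexp"
	"strconv"
	"strings"
)

// semver holds a parsed major.minor.patch triple.
type semver struct{ major, minor, patch int }

func (a semver) less(b semver) bool {
	if a.major != b.major {
		return a.major < b.major
	}
	if a.minor != b.minor {
		return a.minor < b.minor
	}
	return a.patch < b.patch
}

// versionRE accepts toolchain strings ("go1.21.2", "go1.21rc4", "go1.20") and
// module versions ("v0.16.0"). Anything else (e.g. "devel go1.22-abcdef") is
// reported as unrecognised rather than silently passed.
var versionRE = regexp.MustCompile(`^(?:go|v)(\d+)\.(\d+)(?:\.(\d+))?`)

// parseVersion treats a missing patch number as 0, so go1.21rc4 compares as
// 1.21.0 and is conservatively classed as affected.
func parseVersion(s string) (semver, error) {
	m := versionRE.FindStringSubmatch(strings.TrimSpace(s))
	if m == nil {
		return semver{}, fmt.Errorf("unrecognised version %q", s)
	}
	var v semver
	v.major, _ = strconv.Atoi(m[1])
	v.minor, _ = strconv.Atoi(m[2])
	if m[3] != "" {
		v.patch, _ = strconv.Atoi(m[3])
	}
	return v, nil
}

// goToolchainAffected reports whether net/http built with this toolchain is
// vulnerable: every release before 1.20.10, and 1.21.x before 1.21.3.
func goToolchainAffected(goVersion string) (bool, error) {
	v, err := parseVersion(goVersion)
	if err != nil {
		return false, err
	}
	switch {
	case v.less(semver{1, 20, 10}):
		return true, nil
	case v.major == 1 && v.minor == 21 && v.patch < 3:
		return true, nil
	}
	return false, nil
}

// xnetAffected reports whether golang.org/x/net/http2 at this module version
// is vulnerable: everything before v0.17.0.
func xnetAffected(version string) (bool, error) {
	v, err := parseVersion(version)
	if err != nil {
		return false, err
	}
	return v.less(semver{0, 17, 0}), nil
}

// checkBinary reads the embedded build info of one Go binary and returns a
// finding per affected component (empty slice: not affected).
func checkBinary(path string) ([]string, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return nil, err
	}
	var findings []string
	if bad, err := goToolchainAffected(bi.GoVersion); err != nil {
		findings = append(findings, "toolchain: "+err.Error())
	} else if bad {
		findings = append(findings, "toolchain "+bi.GoVersion+" predates Go 1.20.10 / 1.21.3 (net/http affected)")
	}
	for _, dep := range bi.Deps {
		if dep.Path != "golang.org/x/net" {
			continue
		}
		ver := dep.Version
		if dep.Replace != nil { // a replace directive overrides the recorded version
			ver = dep.Replace.Version
		}
		if bad, err := xnetAffected(ver); err != nil {
			findings = append(findings, "golang.org/x/net: "+err.Error())
		} else if bad {
			findings = append(findings, "golang.org/x/net "+ver+" predates v0.17.0 (http2 affected)")
		}
	}
	return findings, nil
}

func main() {
	for _, path := range os.Args[1:] {
		findings, err := checkBinary(path)
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", path, err)
			continue
		}
		if len(findings) == 0 {
			fmt.Printf("%s: not affected by CVE-2023-39325\n", path)
			continue
		}
		for _, f := range findings {
			fmt.Printf("%s: %s\n", path, f)
		}
	}
}
```

Run it as `go run . /path/to/binary ...` against the Go executables and plugins on a host. It reads only the embedded metadata, so it works on stripped release builds and never executes the target; binaries not produced by the Go linker are reported as errors rather than as clean.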
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for collectd-libpod-stats is now available for Red Hat OpenStack\nPlatform 16.2.5 (Train).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Collectd plugin for gathering resource usage statistics from containers\ncreated with the libpod library.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n\n* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)\n\n* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)\n\n* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)\n\n* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5964",
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "2184481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481"
},
{
"category": "external",
"summary": "2184482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482"
},
{
"category": "external",
"summary": "2184483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483"
},
{
"category": "external",
"summary": "2184484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5964.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:39+00:00",
"generator": {
"date": "2026-06-05T00:58:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5964",
"initial_release_date": "2023-10-20T14:54:29+00:00",
"revision_history": [
{
"date": "2023-10-20T14:54:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:54:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2022-41725",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178488"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41725"
},
{
"category": "external",
"summary": "RHBZ#2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725"
},
{
"category": "external",
"summary": "https://go.dev/cl/468124",
"url": "https://go.dev/cl/468124"
},
{
"category": "external",
"summary": "https://go.dev/issue/58006",
"url": "https://go.dev/issue/58006"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1569",
"url": "https://pkg.go.dev/vuln/GO-2023-1569"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption"
},
{
"cve": "CVE-2023-24534",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184483"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, net/textproto: denial of service from excessive memory allocation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24534"
},
{
"category": "external",
"summary": "RHBZ#2184483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534"
},
{
"category": "external",
"summary": "https://go.dev/issue/58975",
"url": "https://go.dev/issue/58975"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
}
],
"release_date": "2023-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, net/textproto: denial of service from excessive memory allocation"
},
{
"cve": "CVE-2023-24536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184482"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses Go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not-affected.\n* The CVE refers to multipart form parsing routine mime/multipart.Reader.ReadForm, which is not used in Grafana, hence it is not-affected.\n* Butane does not parse multipart forms, hence, it is also not-affected.\nRedhat has marked this vulnerability as moderate as this vulnerability could lead to a potential denial of service when all the resource of a system is consumed which is technically not a clear case of denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24536"
},
{
"category": "external",
"summary": "RHBZ#2184482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536"
},
{
"category": "external",
"summary": "https://go.dev/issue/59153",
"url": "https://go.dev/issue/59153"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
}
],
"release_date": "2023-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption"
},
{
"cve": "CVE-2023-24537",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184484"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: Infinite loop in parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated Moderate because it allows denial of service condition in Go\u2019s source code parser when processing specially crafted input containing //line directives with excessively large line numbers. Exploitation can cause the parser to enter an infinite loop, consuming CPU resources and rendering services unresponsive. While this issue does not permit code execution or data access, it poses a significant availability impact for systems processing untrusted Go source input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24537"
},
{
"category": "external",
"summary": "RHBZ#2184484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/59180",
"url": "https://github.com/golang/go/issues/59180"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
}
],
"release_date": "2023-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "To mitigate this issue, upgrade Go to version 1.19.8, 1.20.3, or later, where the vulnerability has been addressed.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: Infinite loop in parsing"
},
{
"cve": "CVE-2023-24538",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: backticks not treated as string delimiters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described issue involving Go templates and JavaScript template literals poses a moderate severity rather than an important one due to several mitigating factors. Firstly, the vulnerability requires specific conditions to be met: the presence of Go templates within JavaScript template literals. This limits the scope of affected codebases, reducing the likelihood of exploitation. Additionally, the decision to disallow such interactions in future releases of Go indicates a proactive approach to addressing the issue. Furthermore, the affected packages or components within Red Hat Enterprise Linux, such as Conmon, Grafana, and the RHC package, have been assessed and determined not to be impacted due to their specific usage patterns. So the limited scope of affected systems and the absence of exploitation vectors in specific components within Red Hat Enterprise Linux contribute to categorizing the severity of the issue as moderate.\n\nFor Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* The rhc package do not make use of html/template. Hence, it is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24538"
},
{
"category": "external",
"summary": "RHBZ#2184481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/59234",
"url": "https://github.com/golang/go/issues/59234"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
}
],
"release_date": "2023-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: backticks not treated as string delimiters"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5965
Vulnerability from csaf_redhat - Published: 2023-10-20 14:54 - Updated: 2026-06-05 00:58

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix, Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | | Workaround |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.

Security Bulletin: https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | | Vendor Fix, Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.2.5 (Train).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5965",
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5965.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:41+00:00",
"generator": {
"date": "2026-06-05T00:58:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5965",
"initial_release_date": "2023-10-20T14:54:26+00:00",
"revision_history": [
{
"date": "2023-10-20T14:54:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:54:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.src",
"product_id": "etcd-0:3.3.23-15.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"product": {
"name": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"product_id": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest@1.4.1-2.20230111145026.f7718ef.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.4.1-2.20230111145026.f7718ef.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.4.1-2.20230111145026.f7718ef.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.4.1-2.20230111145026.f7718ef.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.4.1-2.20230111145026.f7718ef.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.4.1-2.20230111145026.f7718ef.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.4.1-2.20230111145026.f7718ef.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"product": {
"name": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"product_id": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest@1.4.1-2.20230111145026.f7718ef.el8ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src"
},
"product_reference": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch"
},
"product_reference": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5967
Vulnerability from csaf_redhat - Published: 2023-10-20 14:51 - Updated: 2026-06-05 00:58

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — | | Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — | | Workaround |

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — | | Vendor Fix (fix), Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for collectd-libpod-stats and etcd is now available\nfor Red Hat OpenStack Platform 16.1.9 (Train).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5967",
"url": "https://access.redhat.com/errata/RHSA-2023:5967"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5967.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:44+00:00",
"generator": {
"date": "2026-06-05T00:58:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5967",
"initial_release_date": "2023-10-20T14:51:43+00:00",
"revision_history": [
{
"date": "2023-10-20T14:51:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:51:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.1",
"product": {
"name": "Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.src",
"product_id": "etcd-0:3.3.23-15.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"product": {
"name": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"product_id": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"product": {
"name": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"product_id": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src"
},
"product_reference": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch"
},
"product_reference": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize the Golang package as a build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability solely because lower-tier libraries include it as a part of their dependencies, but the vulnerable code is not reachable at runtime. In such cases, the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5967"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function, which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize the Golang package as a build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nThe rhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5967"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5969
Vulnerability from csaf_redhat - Published: 2023-10-20 14:51 - Updated: 2026-06-05 00:58

A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src | — | | |
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64 | — | | |
| Unresolved product id: 9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64 | — | | |
| Unresolved product id: 9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64 | — | | |
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src | — | | |
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | | |
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch | — | | |
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | | |
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | | |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src | — | | Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | | Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch | — | | Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | | Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | | Workaround |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | | Vendor Fix (fix), Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for collectd-libpod-stats, etcd, and python-octavia-tests-tempest is now available for Red Hat OpenStack Platform 17.1.1.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The etcd packages provide a highly available key-value store for shared configuration.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5969",
"url": "https://access.redhat.com/errata/RHSA-2023:5969"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5969.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 security update",
"tracking": {
"current_release_date": "2026-06-05T00:58:45+00:00",
"generator": {
"date": "2026-06-05T00:58:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5969",
"initial_release_date": "2023-10-20T14:51:03+00:00",
"revision_history": [
{
"date": "2023-10-20T14:51:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:51:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:58:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 17.1",
"product": {
"name": "Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:17.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.4.26-3.el9ost.src",
"product": {
"name": "etcd-0:3.4.26-3.el9ost.src",
"product_id": "etcd-0:3.4.26-3.el9ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.4.26-3.el9ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"product": {
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"product_id": "collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.5-6.el9ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"product": {
"name": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"product_id": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest@1.9.0-1.20230509101018.el9ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.4.26-3.el9ost.x86_64",
"product": {
"name": "etcd-0:3.4.26-3.el9ost.x86_64",
"product_id": "etcd-0:3.4.26-3.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.4.26-3.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"product_id": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.4.26-3.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"product_id": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.4.26-3.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"product": {
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"product_id": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.5-6.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.9.0-1.20230509101018.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.9.0-1.20230509101018.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.9.0-1.20230509101018.el9ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"product": {
"name": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"product_id": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest@1.9.0-1.20230509101018.el9ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.src as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src"
},
"product_reference": "collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64"
},
"product_reference": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.4.26-3.el9ost.src as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src"
},
"product_reference": "etcd-0:3.4.26-3.el9ost.src",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.4.26-3.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64"
},
"product_reference": "etcd-0:3.4.26-3.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src"
},
"product_reference": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch"
},
"product_reference": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64"
],
"known_not_affected": [
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5969"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64"
],
"known_not_affected": [
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5969"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5969"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}