Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61729 (GCVE-0-2025-61729)
Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37- CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
0 , < 1.24.11
(semver)
Affected: 1.25.0 , < 1.25.5 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:52:36.341575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:52:58.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.VerifyHostname"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.5",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philippe Antoine (Catena cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:37:14.903Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/725920"
},
{
"url": "https://go.dev/issue/76445"
},
{
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-61729",
"datePublished": "2025-12-02T18:54:10.166Z",
"dateReserved": "2025-09-30T15:05:03.605Z",
"dateUpdated": "2025-12-03T19:37:14.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-61729",
"date": "2026-07-02",
"epss": "0.00459",
"percentile": "0.36574"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61729\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-12-02T19:15:51.447\",\"lastModified\":\"2026-06-17T09:50:48.507\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"Certificate.VerifyHostname\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.24.11\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.25.0\",\"lessThan\":\"1.25.5\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-12-02T21:52:36.341575Z\",\"id\":\"CVE-2025-61729\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.11\",\"matchCriteriaId\":\"F2E6FD2A-A487-4099-B91D-2429F286AC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.5\",\"matchCriteriaId\":\"39C03A37-B94B-46E4-B1C2-A70A870F8E53\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/725920\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/76445\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4155\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61729\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T21:52:36.341575Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T21:52:53.822Z\"}}], \"cna\": {\"title\": \"Excessive resource consumption when printing error string for host certificate validation in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Philippe Antoine (Catena cyber)\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0\", \"lessThan\": \"1.25.5\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Certificate.VerifyHostname\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/725920\"}, {\"url\": \"https://go.dev/issue/76445\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-4155\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61729\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\", \"dateReserved\": \"2025-09-30T15:05:03.605Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-12-02T18:54:10.166Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:6428
Vulnerability from csaf_redhat - Published: 2026-04-02 07:50 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Workaround
|
A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Workaround
|
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — | ||
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x | — |
Workaround
|
|
| Unresolved product id: Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability 1.11 for Red Hat OpenShift.",
"title": "Topic"
},
{
"category": "general",
"text": "Network flows collector and monitoring solution.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6428",
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26960",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/observability/network_observability/network-observability-operator-release-notes.html",
"url": "https://docs.openshift.com/container-platform/latest/observability/network_observability/network-observability-operator-release-notes.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6428.json"
}
],
"title": "Red Hat Security Advisory: Network Observability 1.11.1 for OpenShift",
"tracking": {
"current_release_date": "2026-07-03T11:01:37+00:00",
"generator": {
"date": "2026-07-03T11:01:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6428",
"initial_release_date": "2026-04-02T07:50:38+00:00",
"revision_history": [
{
"date": "2026-04-02T07:50:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-02T07:50:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Network Observability (NETOBSERV) 1.11.2",
"product": {
"name": "Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability (NETOBSERV)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3A7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773997913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3A2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774887582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3A30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773992622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256%3A325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774962696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3A13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122?arch=amd64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774859742"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3A5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773997913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3Adc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774887582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3A05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773992622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3A4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d?arch=arm64\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774859742"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3A791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773997913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3A9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774887582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3Ab0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773992622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3Ab5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774859742"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256%3Aa72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773997913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256%3A880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774887582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256%3Aa90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1773992622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-compat-rhel9@sha256%3A17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431392"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256%3A51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774431617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x",
"product": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x",
"product_id": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256%3Adc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453?arch=s390x\u0026repository_url=registry.redhat.io/network-observability\u0026tag=1774859742"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64 as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x as a component of Network Observability (NETOBSERV) 1.11.2",
"product_id": "Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
},
"product_reference": "registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x",
"relates_to_product_reference": "Network Observability (NETOBSERV) 1.11.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-26960",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-20T02:01:07.883769+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat environments, this condition introduces a significant constraint, as exploitation requires user interaction and reliance on unsafe handling of externally supplied archives. The attack is not remotely exploitable in isolation and depends on a user or service processing attacker-controlled input.\n\nFurthermore, the impact of the vulnerability is limited to the privileges of the extracting process. In typical Red Hat deployments, archive extraction is performed by non-privileged users or within confined environments such as containers or restricted service contexts, which limits the scope of potential damage.\n\nRed Hat analysis also notes that this issue does not provide a direct mechanism for code execution or privilege escalation, but rather enables file system manipulation within the boundaries of the executing user\u2019s permissions.\n\nGiven the requirement for user-assisted exploitation, the absence of a direct remote attack vector, and the confinement of impact to the privileges of the extracting process, Red Hat considers the practical risk to be lower than the generalized NVD assessment. As a result, this vulnerability is classified as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "RHBZ#2441253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384",
"url": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f",
"url": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx"
}
],
"release_date": "2026-02-20T01:07:52.979000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"known_not_affected": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T07:50:38+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:30a1eceb88756d6bd6b2a523f4c763e2c17491d921e709b49065c8e1827e7e40_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:a90dd2247b3167d97fae23047e0dadb711b870a402fb6ae1460928e187a4a1f3_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-cli-rhel9@sha256:b0f982a4b0cf36578c2483d9487e6c6f0343043737e01b6dd1b61778ed915e80_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:03f45691cb47a4afd19a4bb61704f1c38cc6f0fb9f7bcacf4ed3070eecdc02b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:115254a3a9f613fbcec875c7e515b638da1e046f6dff8bcb0ce8aeb7bd3bcbb8_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:17faaf94edcd7636ece30fcc7372bdabdc66c5d443b1132c9a15ef6823f57175_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-compat-rhel9@sha256:40512734417b0b3555046f6034e20dc9d834819bb83dbc2e6240bd656a4b2b3b_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:1b0ed12930e073b9d9f10856abd1bf78366123a7c46d0365395ae9ffaccb8cd1_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:222e5ccbdcee7fcddfceda87216a63ea8aa46efdde0171fd1ba58b5c1e020768_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:3452169eaaeda28a490561e93089374a5e306868e221f68c14dc623de532f152_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:51765514b5b6d1d205a26ad50893d11284256dd0afbd7603370c92242012973c_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:880119c62568c07d28fcedfe545b92cb6e4b9e11ffb79f8405214a4810f931f8_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:9d6bc518588793ff607a20fd94a181c7028c1f7a938b713253bfddef3fbac708_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:dc9c1e367526c7a2bae9694c253909f6716be82f89d1ceb9dc3a38528120d518_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:791b6dff77ede837fe03220d73511632b719e3c9668ef1a4a7766c2c9c8fe4b4_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7e2463af3ff443c98adf0bbfe349c7d9da90c8de34892e41b46627f30623b47a_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a72d7f075a569e1c0ba055ca748f04fa3c6ff889de498faba215174048b9b088_s390x",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:325f2d9688ef540088f75b450d209fb8dd6b7b2dfc006f492f7575f3e8678607_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122_amd64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:4a717354ce0dfefb859c61b6088f9e51c9e1679892359ddcbe250697e723618d_arm64",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:b5778b60be17f7e849b5aff93df89735063e003c27c61bc03abd4b899542a7ae_ppc64le",
"Network Observability (NETOBSERV) 1.11.2:registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:dc14db47fce0af17e02916369099477a584d52e113e20b47518007aa074b5453_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
}
]
}
RHSA-2026:6568
Vulnerability from csaf_redhat - Published: 2026-04-03 22:07 - Updated: 2026-07-03 11:01A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user's initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library's internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.15.4 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.15.4",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6568",
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68158",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28498",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4598",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4599",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4600",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4601",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4602",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6568.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.15.4",
"tracking": {
"current_release_date": "2026-07-03T11:01:39+00:00",
"generator": {
"date": "2026-07-03T11:01:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6568",
"initial_release_date": "2026-04-03T22:07:28+00:00",
"revision_history": [
{
"date": "2026-04-03T22:07:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-03T22:07:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.15",
"product": {
"name": "Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774980222"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Aebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774980224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aa1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775183105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Adec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775250489"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Acde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ad6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Abe166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68158",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2026-01-08T19:01:41.615962+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428102"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user\u0027s initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products utilizing Authlib, such as Red Hat Ansible Automation Platform, Hosted OpenShift Clusters, Red Hat Quay, and Red Hat Satellite. The flaw arises from improper session management in Authlib\u0027s cache-backed state storage, allowing a remote attacker to perform Cross-Site Request Forgery (CSRF) by obtaining a valid state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "RHBZ#2428102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428102"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489",
"url": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228",
"url": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523"
}
],
"release_date": "2026-01-08T17:58:17.724000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-4598",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T06:01:47.891452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A denial of service flaw was found in jsrsasign. This vulnerability allows a remote attacker to cause a permanent denial of service by providing specially crafted zero or negative inputs to the bnModInverse function, leading to an infinite loop. This affects Red Hat Migration Toolkit for Virtualization and Red Hat Quay, which utilize the vulnerable jsrsasign component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "RHBZ#2450210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264",
"url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323",
"url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/648",
"url": "https://github.com/kjur/jsrsasign/pull/648"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
}
],
"release_date": "2026-03-23T05:00:11.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs"
},
{
"cve": "CVE-2026-4599",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2026-03-23T06:01:34.008562+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "RHBZ#2450207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4599",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20",
"url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1",
"url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/647",
"url": "https://github.com/kjur/jsrsasign/pull/647"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"
}
],
"release_date": "2026-03-23T05:00:12.522000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces"
},
{
"cve": "CVE-2026-4600",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-23T06:01:39.334925+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT. The flaw in jsrsasign allows an attacker to forge Digital Signature Algorithm (DSA) signatures or X.509 certificates by providing malicious domain parameters during validation. This could lead to unauthorized access or data manipulation in affected Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, where jsrsasign is utilized for cryptographic signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "RHBZ#2450208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4600",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4600"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7",
"url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60",
"url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/646",
"url": "https://github.com/kjur/jsrsasign/pull/646"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"
}
],
"release_date": "2026-03-23T05:00:08.475000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters"
},
{
"cve": "CVE-2026-4601",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-23T06:01:44.014846+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A flaw in the jsrsasign library allows for private key recovery due to a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process. An attacker can manipulate signature generation within the KJUR.crypto.DSA.signWithMessageHash function to force specific values, enabling the recovery of the private key. This impacts Red Hat products utilizing jsrsasign, such as Migration Toolkit for Virtualization and Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "RHBZ#2450209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586",
"url": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb",
"url": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/645",
"url": "https://github.com/kjur/jsrsasign/pull/645"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941"
}
],
"release_date": "2026-03-23T05:00:13.312000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing"
},
{
"cve": "CVE-2026-4602",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-03-23T06:01:28.729668+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450206"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT flaw. The `jsrsasign` library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the `modPow` function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "RHBZ#2450206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5",
"url": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195",
"url": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/650",
"url": "https://github.com/kjur/jsrsasign/pull/650"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175"
}
],
"release_date": "2026-03-23T05:00:10.567000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw, while difficult to exploit, would lead to a loss of integrity in the encrypted communication channel. Given that the cryptography package is a library, it is likely to be used in situations that do not require user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-28498",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-16T19:02:00.128339+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library\u0027s internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Authlib allows attackers to bypass OIDC ID Token integrity verification. The at_hash and c_hash validation fails open for unknown algorithms, accepting forged tokens as valid. Exploitation requires no authentication or user interaction. Impact is high to confidentiality and integrity. Red Hat products using Authlib for OIDC validation are affected. Fixed in version 1.6.9.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "RHBZ#2448182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b",
"url": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j"
}
],
"release_date": "2026-03-16T18:03:28.821000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-30922",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-03-18T04:02:45.401296+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448553"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "RHBZ#2448553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
}
],
"release_date": "2026-03-18T02:29:45.857000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
}
]
}
RHSA-2026:7052
Vulnerability from csaf_redhat - Published: 2026-04-08 12:26 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Logging for Red Hat OpenShift - 6.0.14",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Logging 6.0.14 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7052",
"url": "https://access.redhat.com/errata/RHSA-2026:7052"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7052.json"
}
],
"title": "Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.0.14",
"tracking": {
"current_release_date": "2026-07-03T11:01:39+00:00",
"generator": {
"date": "2026-07-03T11:01:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7052",
"initial_release_date": "2026-04-08T12:26:52+00:00",
"revision_history": [
{
"date": "2026-04-08T12:26:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-08T12:27:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Logging Subsystem for Red Hat OpenShift 6.0",
"product": {
"name": "Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:6.0::el9"
}
}
}
],
"category": "product_family",
"name": "Logging Subsystem for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256%3Ad209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774968306"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3Ab9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774549440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3A40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Abf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880815"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"product_id": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256%3A066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774968543"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774890842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3Ac9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881157"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3A95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881153"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774549440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3Ad9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Aa74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880815"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3Aa0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774890842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3A187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881157"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3Ad44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881153"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774549440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3Ac15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3A2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880815"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774890842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3A83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881157"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3Ab37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881153"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774549440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3Adc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774879741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Ab07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880815"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774880783"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774890842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3Acec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881157"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3A37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging\u0026tag=1774881153"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.0",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T12:26:52+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/ocp-4-16-release-notes\n\nFor Red Hat OpenShift Logging 6.0, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.0",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7052"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T12:26:52+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/ocp-4-16-release-notes\n\nFor Red Hat OpenShift Logging 6.0, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.0",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7052"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T12:26:52+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/ocp-4-16-release-notes\n\nFor Red Hat OpenShift Logging 6.0, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.0",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7052"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:d209573e6df01cd36afacc1a1f8df31e8de3d2a7a8387930f17796ee8b9048c5_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:104e2d1d549a7aadef382b84682101a2aec00220b590c11e33cc32ed42be385c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:10bdf723d50381fc82aa880eb8a0061f0e2d1e9de79f5434da649150bc069b72_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:6c9b684018ffa4f077f1f1771d97b73f26bf9dc85b0b93b75339dc473d8902b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:b9796103f1764b934f60af071bffc6a8059ab139c1065ec46fc30b2240b651c8_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2c959245c4324af33d6c1e98e353438cb7af01d77820188540aca68d67bb90d9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:2f256cda4ec765512662b2bc61f7d03f55084c1c70931c710856e127f2b3d451_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:3059ab6f68534c99df10a0869be8ced3ebfb4bbeb52a4550a6be21d57acea22a_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:350aa685de25030921ef41a547dc8a120f2d62e241d7418ba9c4fdff7d97b906_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:40af6f87f4f2bdc2ef47a4ee0392c0b038282844b98c383969891c771be9d729_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:c15c54a4136fbbbc506bc1419a77a8f25a74d524d1e24d38ab77cc65d5d48709_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d9849379bef38e9f03dfb1983ca6a5637b77991c358888d4bcb80bd1bc69ea52_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:dc6a419518e739554b189f90f6c92ab31b45d49aa149dfdd1f93ad8ca71dcb32_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:2d890f2514cbe50cf8cbde46cb9efa27916db4ae1159ea28bbe662e26a291b56_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:a74624c09a0f8610ae24169b5881b0ed9c58c06cb850fc38129965c5146f06a4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:b07c633ccb494357b4234e28865f4832411cc124ccb0658673e046e1f00d36f8_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:bf8e677aabcf76a4adfa68838f78c092b53a0e9bda241f2bdf25e8161ba8a9c2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:066c48e21770af7033f9b9b9ac74f507f638a7c60601221d394b1c36547ed690_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4093857273cd7660e1eb76f608004603224915e9775c803a3c2b251b4cc27a15_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:47e51e1a9d402464b94e64fea7477254618265b6617ab56e47501cb4ab0dc18c_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:5ab64d8d0b31ee471952c597995eac81ba1f271d9aace9dc7a56ecea63b8fea7_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:a0e01078c736909918c7da0e838aa09b2a9f730d061473fb8dbf81bd0992fa51_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:187e8269c8e796b8e2d3d7ae783a9f8bca4bdcff86f4bbc8084de94c7cf66bd7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:83f49174e621dc8f8263d92db55422fb9f79fb2f9e433fc783dbb793e88f7aea_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:c9f16dee85d3b4544380d1cbf1a4e23ad1efa28fda5a42094daa234bd2813a9e_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:cec78cd4eaf7742a71374b3200264df4a1f0e0f89527cd13391be6ff64de6ba2_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:37a17225a4abbbbb8942a4514e92f2855858ddf615133e4965b362acd660bf0f_s390x",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:95616c48fcf2e0918f589c05d0f396d40f0f9e7ee6a713c8ee5bc2305c2d87e2_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b37d8636f4f30485295080a76e40f3357acf3bfd294b5dd79eedc88356454d52_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:d44b5e861efd3636be088e5faf0fd212621614f5cdf774e417f7105cc5595bfa_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:17ad87c07de357a7edcf3b97a2173b70e77bec85343e9250e925c1a7ba99c412_amd64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3be6b8f3d249c299c199f6bbf04c889187a98c5703f648a8ccf8a4a4b74a4ba1_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:492538a110bc0e6280e09901eb5a0851b25e8979803c3ca2902384a53bb1d27f_arm64",
"Logging Subsystem for Red Hat OpenShift 6.0:registry.redhat.io/openshift-logging/vector-rhel9@sha256:6ebd083a221161c63180b2aaba528ef2888f784074210cf21dee533b9ac0f269_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:7291
Vulnerability from csaf_redhat - Published: 2026-04-09 11:00 - Updated: 2026-07-03 11:01A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A potential denial of service flaw has been discovered in golang's crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
CWE-295 - Improper Certificate Validation| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the "old GNU sparse map" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7291",
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27141",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58190",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47911",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22873",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68119",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61725",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61724",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61723",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58186",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58185",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47912",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47910",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61730",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58189",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58187",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58188",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33809",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32289",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32288",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61727",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27139",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27138",
"url": "https://access.redhat.com/security/cve/CVE-2026-27138"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27142",
"url": "https://access.redhat.com/security/cve/CVE-2026-27142"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7291.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-03T11:01:41+00:00",
"generator": {
"date": "2026-07-03T11:01:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7291",
"initial_release_date": "2026-04-09T11:00:43+00:00",
"revision_history": [
{
"date": "2026-04-09T11:00:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T20:02:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@aarch64",
"product": {
"name": "golang1-26-main@aarch64",
"product_id": "golang1-26-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@src",
"product": {
"name": "golang1-26-main@src",
"product_id": "golang1-26-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@x86_64",
"product": {
"name": "golang1-26-main@x86_64",
"product_id": "golang1-26-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@noarch",
"product": {
"name": "golang1-26-main@noarch",
"product_id": "golang1-26-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26-docs@1.26.2-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@aarch64"
},
"product_reference": "golang1-26-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@noarch"
},
"product_reference": "golang1-26-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@src"
},
"product_reference": "golang1-26-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@x86_64"
},
"product_reference": "golang1-26-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22873",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-05T00:01:17.475869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436992"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in \"../\", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: os: Information disclosure via path traversal using specially crafted filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security classified this issue as Moderate.\n\nThe flaw exists in a local filesystem abstraction within the Go standard library, it can also be exploited remotely in applications that accept attacker-controlled path input over a network and pass it to Root.Open without proper validation. The attack complexity is low, as exploitation requires only appending \"../\" to the supplied path. However, the impact is limited: the flaw permits opening only the immediate parent directory, not arbitrary filesystem locations or files contained within that directory. There is no direct impact on file integrity or application availability. These constraints limit the practical exposure of the issue while still represents a boundary bypass and may expose unintended filesystem metadata. The issue does not permit traversal beyond the parent directory, modification of files, or broader system compromise, thereby constraining its overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "RHBZ#2436992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/05/06/2",
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/2"
},
{
"category": "external",
"summary": "https://go.dev/cl/670036",
"url": "https://go.dev/cl/670036"
},
{
"category": "external",
"summary": "https://go.dev/issue/73555",
"url": "https://go.dev/issue/73555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4403",
"url": "https://pkg.go.dev/vuln/GO-2026-4403"
}
],
"release_date": "2026-02-04T23:05:24.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os: os: Information disclosure via path traversal using specially crafted filenames"
},
{
"cve": "CVE-2025-47910",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-22T22:00:44.572202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397528"
}
],
"notes": [
{
"category": "description",
"text": "A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: CrossOriginProtection bypass in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "RHBZ#2397528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://go.dev/cl/699275",
"url": "https://go.dev/cl/699275"
},
{
"category": "external",
"summary": "https://go.dev/issue/75054",
"url": "https://go.dev/issue/75054"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3955",
"url": "https://pkg.go.dev/vuln/GO-2025-3955"
}
],
"release_date": "2025-09-22T21:01:55.440000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: CrossOriginProtection bypass in net/http"
},
{
"cve": "CVE-2025-47911",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-02-05T18:01:23.423406+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437109"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "RHBZ#2437109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4440",
"url": "https://github.com/golang/vulndb/issues/4440"
},
{
"category": "external",
"summary": "https://go.dev/cl/709876",
"url": "https://go.dev/cl/709876"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4440",
"url": "https://pkg.go.dev/vuln/GO-2026-4440"
}
],
"release_date": "2026-02-05T17:48:44.562000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html"
},
{
"cve": "CVE-2025-47912",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-10-29T23:01:06.642219+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407247"
}
],
"notes": [
{
"category": "description",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "RHBZ#2407247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://go.dev/cl/709857",
"url": "https://go.dev/cl/709857"
},
{
"category": "external",
"summary": "https://go.dev/issue/75678",
"url": "https://go.dev/issue/75678"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4010",
"url": "https://pkg.go.dev/vuln/GO-2025-4010"
}
],
"release_date": "2025-10-29T22:10:13.435000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58185",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:25.877898+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407251"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "RHBZ#2407251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407251"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd",
"url": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd"
},
{
"category": "external",
"summary": "https://go.dev/cl/709856",
"url": "https://go.dev/cl/709856"
},
{
"category": "external",
"summary": "https://go.dev/issue/75671",
"url": "https://go.dev/issue/75671"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4011",
"url": "https://pkg.go.dev/vuln/GO-2025-4011"
}
],
"release_date": "2025-10-29T22:10:13.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1"
},
{
"cve": "CVE-2025-58186",
"discovery_date": "2025-10-29T23:01:22.260983+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407250"
}
],
"notes": [
{
"category": "description",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "RHBZ#2407250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://go.dev/cl/709855",
"url": "https://go.dev/cl/709855"
},
{
"category": "external",
"summary": "https://go.dev/issue/75672",
"url": "https://go.dev/issue/75672"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4012",
"url": "https://pkg.go.dev/vuln/GO-2025-4012"
}
],
"release_date": "2025-10-29T22:10:13.912000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http"
},
{
"cve": "CVE-2025-58187",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:54.130980+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407259"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in golang\u0027s crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "RHBZ#2407259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4",
"url": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4"
},
{
"category": "external",
"summary": "https://go.dev/cl/709854",
"url": "https://go.dev/cl/709854"
},
{
"category": "external",
"summary": "https://go.dev/issue/75681",
"url": "https://go.dev/issue/75681"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4007",
"url": "https://pkg.go.dev/vuln/GO-2025-4007"
}
],
"release_date": "2025-10-29T22:10:12.624000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509"
},
{
"cve": "CVE-2025-58188",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-29T23:01:39.787633+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407255"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impacts are limited on Red Hat products as they do not affect the host systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "RHBZ#2407255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407255"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9",
"url": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9"
},
{
"category": "external",
"summary": "https://go.dev/cl/709853",
"url": "https://go.dev/cl/709853"
},
{
"category": "external",
"summary": "https://go.dev/issue/75675",
"url": "https://go.dev/issue/75675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4013",
"url": "https://pkg.go.dev/vuln/GO-2025-4013"
}
],
"release_date": "2025-10-29T22:10:14.143000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509"
},
{
"cve": "CVE-2025-58189",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2025-10-29T23:01:57.740310+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407260"
}
],
"notes": [
{
"category": "description",
"text": "The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "RHBZ#2407260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://go.dev/cl/707776",
"url": "https://go.dev/cl/707776"
},
{
"category": "external",
"summary": "https://go.dev/issue/75652",
"url": "https://go.dev/issue/75652"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4008",
"url": "https://pkg.go.dev/vuln/GO-2025-4008"
}
],
"release_date": "2025-10-29T22:10:12.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information"
},
{
"cve": "CVE-2025-58190",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-05T18:01:26.511908+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437110"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "RHBZ#2437110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4441",
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"category": "external",
"summary": "https://go.dev/cl/709875",
"url": "https://go.dev/cl/709875"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4441",
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
}
],
"release_date": "2026-02-05T17:48:44.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net"
},
{
"cve": "CVE-2025-61723",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:29.304260+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407252"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some\ninputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "RHBZ#2407252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b",
"url": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b"
},
{
"category": "external",
"summary": "https://go.dev/cl/709858",
"url": "https://go.dev/cl/709858"
},
{
"category": "external",
"summary": "https://go.dev/issue/75676",
"url": "https://go.dev/issue/75676"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4009",
"url": "https://pkg.go.dev/vuln/GO-2025-4009"
}
],
"release_date": "2025-10-29T22:10:13.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem"
},
{
"cve": "CVE-2025-61724",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2025-10-29T23:01:47.202663+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407257"
}
],
"notes": [
{
"category": "description",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "RHBZ#2407257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://go.dev/cl/709859",
"url": "https://go.dev/cl/709859"
},
{
"category": "external",
"summary": "https://go.dev/issue/75716",
"url": "https://go.dev/issue/75716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4015",
"url": "https://pkg.go.dev/vuln/GO-2025-4015"
}
],
"release_date": "2025-10-29T22:10:14.609000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto"
},
{
"cve": "CVE-2025-61725",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:18.805163+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407249"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: Excessive CPU consumption in ParseAddress in net/mail",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "RHBZ#2407249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://go.dev/cl/709860",
"url": "https://go.dev/cl/709860"
},
{
"category": "external",
"summary": "https://go.dev/issue/75680",
"url": "https://go.dev/issue/75680"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4006",
"url": "https://pkg.go.dev/vuln/GO-2025-4006"
}
],
"release_date": "2025-10-29T22:10:12.255000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61727",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-12-03T20:01:21.730501+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418677"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to obtain a leaf certificate with a wildcard SAN (e.g., *.example.com) and the legitimate certificate policy must contain an excluded DNS name constraint (e.g., to prevent issuance for test.example.com), allowing an application using the crypto/x509 package to validate the certificate when it should have been rejected and to be vulnerable to MITM (man-in-the-middle) attacks. Additionally, the attacker does not have full control of what data can be read of modified during the attack. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "RHBZ#2418677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418677"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://go.dev/cl/723900",
"url": "https://go.dev/cl/723900"
},
{
"category": "external",
"summary": "https://go.dev/issue/76442",
"url": "https://go.dev/issue/76442"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4175",
"url": "https://pkg.go.dev/vuln/GO-2025-4175"
}
],
"release_date": "2025-12-03T19:37:15.054000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-61730",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-28T20:01:36.508659+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434430"
}
],
"notes": [
{
"category": "description",
"text": "A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The data leak after exploitation of this vulnerability is minor, data such as Handshake message contents that should have been processed only after switching to a stronger TLS 1.3 encryption level, Protocol state details such as which handshake message was processed when, Timing and ordering information about the TLS 1.3 state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "RHBZ#2434430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434430"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://go.dev/cl/724120",
"url": "https://go.dev/cl/724120"
},
{
"category": "external",
"summary": "https://go.dev/issue/76443",
"url": "https://go.dev/issue/76443"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4340",
"url": "https://pkg.go.dev/vuln/GO-2026-4340"
}
],
"release_date": "2026-01-28T19:30:30.986000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68119",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:57.098669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434438"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated Moderate severity by Red Hat Product Security, because exploitation requires non-standard and intentional user behavior. \n\nThe attacker must explicitly supply a specially crafted module version string, which does not occur during normal Go module usage such as @latest or standard module paths, making the attack complexity high. \n\nAdditionally, user interaction is required, as the vulnerable behavior is only triggered when a user manually invokes the Go toolchain to download or build the malicious module.\n \nWhile successful exploitation can result in local code execution or arbitrary file modification, the combination of local access, manual input, and uncommon usage patterns significantly limits the likelihood of exploitation in typical environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "RHBZ#2434438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434438"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://go.dev/cl/736710",
"url": "https://go.dev/cl/736710"
},
{
"category": "external",
"summary": "https://go.dev/issue/77099",
"url": "https://go.dev/issue/77099"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4338",
"url": "https://pkg.go.dev/vuln/GO-2026-4338"
}
],
"release_date": "2026-01-28T19:30:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27138",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:35.939008+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445344"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27138"
},
{
"category": "external",
"summary": "RHBZ#2445344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
},
{
"category": "external",
"summary": "https://go.dev/cl/752183",
"url": "https://go.dev/cl/752183"
},
{
"category": "external",
"summary": "https://go.dev/issue/77953",
"url": "https://go.dev/issue/77953"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4600",
"url": "https://pkg.go.dev/vuln/GO-2026-4600"
}
],
"release_date": "2026-03-06T21:28:14+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509"
},
{
"cve": "CVE-2026-27139",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-06T22:01:08.670782+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445335"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: FileInfo can escape from a Root in golang os module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "RHBZ#2445335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://go.dev/cl/749480",
"url": "https://go.dev/cl/749480"
},
{
"category": "external",
"summary": "https://go.dev/issue/77827",
"url": "https://go.dev/issue/77827"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4602",
"url": "https://pkg.go.dev/vuln/GO-2026-4602"
}
],
"release_date": "2026-03-06T21:28:14.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "os: FileInfo can escape from a Root in golang os module"
},
{
"cve": "CVE-2026-27141",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-02-26T20:09:11.626155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "RHBZ#2443104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://go.dev/cl/746180",
"url": "https://go.dev/cl/746180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77652",
"url": "https://go.dev/issue/77652"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4559",
"url": "https://pkg.go.dev/vuln/GO-2026-4559"
}
],
"release_date": "2026-02-26T18:50:31.830000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames"
},
{
"cve": "CVE-2026-27142",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-06T22:01:56.662646+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445351"
}
],
"notes": [
{
"category": "description",
"text": "An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: URLs in meta content attribute actions are not escaped in html/template",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27142"
},
{
"category": "external",
"summary": "RHBZ#2445351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445351"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"category": "external",
"summary": "https://go.dev/cl/752081",
"url": "https://go.dev/cl/752081"
},
{
"category": "external",
"summary": "https://go.dev/issue/77954",
"url": "https://go.dev/issue/77954"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4603",
"url": "https://pkg.go.dev/vuln/GO-2026-4603"
}
],
"release_date": "2026-03-06T21:28:14.674000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: URLs in meta content attribute actions are not escaped in html/template"
},
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32288",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:00:57.624222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the \"old GNU sparse map\" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "RHBZ#2456332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://go.dev/cl/763766",
"url": "https://go.dev/cl/763766"
},
{
"category": "external",
"summary": "https://go.dev/issue/78301",
"url": "https://go.dev/issue/78301"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4869",
"url": "https://pkg.go.dev/vuln/GO-2026-4869"
}
],
"release_date": "2026-04-08T01:06:57.416000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive"
},
{
"cve": "CVE-2026-32289",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-08T02:01:05.911683+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456334"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "RHBZ#2456334",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456334"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://go.dev/cl/763762",
"url": "https://go.dev/cl/763762"
},
{
"category": "external",
"summary": "https://go.dev/issue/78331",
"url": "https://go.dev/issue/78331"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4865",
"url": "https://pkg.go.dev/vuln/GO-2026-4865"
}
],
"release_date": "2026-04-08T01:06:56.297000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals"
},
{
"cve": "CVE-2026-33809",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-25T19:01:55.384019+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "RHBZ#2451437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33809",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://go.dev/cl/757660",
"url": "https://go.dev/cl/757660"
},
{
"category": "external",
"summary": "https://go.dev/issue/78267",
"url": "https://go.dev/issue/78267"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4815",
"url": "https://pkg.go.dev/vuln/GO-2026-4815"
}
],
"release_date": "2026-03-25T18:24:04.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:7385
Vulnerability from csaf_redhat - Published: 2026-04-10 14:24 - Updated: 2026-07-03 11:01A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A potential denial of service flaw has been discovered in golang's crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the "old GNU sparse map" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7385",
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27141",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58190",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47911",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22873",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68119",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61725",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61724",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61723",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58186",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58185",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47912",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47910",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61730",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58189",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58187",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58188",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33809",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32289",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32288",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61727",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27139",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33813",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42503",
"url": "https://access.redhat.com/security/cve/CVE-2026-42503"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7385.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-03T11:01:41+00:00",
"generator": {
"date": "2026-07-03T11:01:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7385",
"initial_release_date": "2026-04-10T14:24:10+00:00",
"revision_history": [
{
"date": "2026-04-10T14:24:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-07T03:11:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@aarch64",
"product": {
"name": "golang1-25-main@aarch64",
"product_id": "golang1-25-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.9-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@src",
"product": {
"name": "golang1-25-main@src",
"product_id": "golang1-25-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.9-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@x86_64",
"product": {
"name": "golang1-25-main@x86_64",
"product_id": "golang1-25-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.9-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@noarch",
"product": {
"name": "golang1-25-main@noarch",
"product_id": "golang1-25-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25-docs@1.25.9-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@aarch64"
},
"product_reference": "golang1-25-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@noarch"
},
"product_reference": "golang1-25-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@src"
},
"product_reference": "golang1-25-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@x86_64"
},
"product_reference": "golang1-25-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22873",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-05T00:01:17.475869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436992"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in \"../\", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: os: Information disclosure via path traversal using specially crafted filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security classified this issue as Moderate.\n\nThe flaw exists in a local filesystem abstraction within the Go standard library, it can also be exploited remotely in applications that accept attacker-controlled path input over a network and pass it to Root.Open without proper validation. The attack complexity is low, as exploitation requires only appending \"../\" to the supplied path. However, the impact is limited: the flaw permits opening only the immediate parent directory, not arbitrary filesystem locations or files contained within that directory. There is no direct impact on file integrity or application availability. These constraints limit the practical exposure of the issue while still represents a boundary bypass and may expose unintended filesystem metadata. The issue does not permit traversal beyond the parent directory, modification of files, or broader system compromise, thereby constraining its overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "RHBZ#2436992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/05/06/2",
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/2"
},
{
"category": "external",
"summary": "https://go.dev/cl/670036",
"url": "https://go.dev/cl/670036"
},
{
"category": "external",
"summary": "https://go.dev/issue/73555",
"url": "https://go.dev/issue/73555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4403",
"url": "https://pkg.go.dev/vuln/GO-2026-4403"
}
],
"release_date": "2026-02-04T23:05:24.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os: os: Information disclosure via path traversal using specially crafted filenames"
},
{
"cve": "CVE-2025-47910",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-22T22:00:44.572202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397528"
}
],
"notes": [
{
"category": "description",
"text": "A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: CrossOriginProtection bypass in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "RHBZ#2397528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://go.dev/cl/699275",
"url": "https://go.dev/cl/699275"
},
{
"category": "external",
"summary": "https://go.dev/issue/75054",
"url": "https://go.dev/issue/75054"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3955",
"url": "https://pkg.go.dev/vuln/GO-2025-3955"
}
],
"release_date": "2025-09-22T21:01:55.440000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: CrossOriginProtection bypass in net/http"
},
{
"cve": "CVE-2025-47911",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-02-05T18:01:23.423406+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437109"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "RHBZ#2437109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4440",
"url": "https://github.com/golang/vulndb/issues/4440"
},
{
"category": "external",
"summary": "https://go.dev/cl/709876",
"url": "https://go.dev/cl/709876"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4440",
"url": "https://pkg.go.dev/vuln/GO-2026-4440"
}
],
"release_date": "2026-02-05T17:48:44.562000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html"
},
{
"cve": "CVE-2025-47912",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-10-29T23:01:06.642219+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407247"
}
],
"notes": [
{
"category": "description",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "RHBZ#2407247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://go.dev/cl/709857",
"url": "https://go.dev/cl/709857"
},
{
"category": "external",
"summary": "https://go.dev/issue/75678",
"url": "https://go.dev/issue/75678"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4010",
"url": "https://pkg.go.dev/vuln/GO-2025-4010"
}
],
"release_date": "2025-10-29T22:10:13.435000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58185",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:25.877898+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407251"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "RHBZ#2407251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407251"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd",
"url": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd"
},
{
"category": "external",
"summary": "https://go.dev/cl/709856",
"url": "https://go.dev/cl/709856"
},
{
"category": "external",
"summary": "https://go.dev/issue/75671",
"url": "https://go.dev/issue/75671"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4011",
"url": "https://pkg.go.dev/vuln/GO-2025-4011"
}
],
"release_date": "2025-10-29T22:10:13.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1"
},
{
"cve": "CVE-2025-58186",
"discovery_date": "2025-10-29T23:01:22.260983+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407250"
}
],
"notes": [
{
"category": "description",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "RHBZ#2407250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://go.dev/cl/709855",
"url": "https://go.dev/cl/709855"
},
{
"category": "external",
"summary": "https://go.dev/issue/75672",
"url": "https://go.dev/issue/75672"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4012",
"url": "https://pkg.go.dev/vuln/GO-2025-4012"
}
],
"release_date": "2025-10-29T22:10:13.912000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http"
},
{
"cve": "CVE-2025-58187",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:54.130980+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407259"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in golang\u0027s crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "RHBZ#2407259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4",
"url": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4"
},
{
"category": "external",
"summary": "https://go.dev/cl/709854",
"url": "https://go.dev/cl/709854"
},
{
"category": "external",
"summary": "https://go.dev/issue/75681",
"url": "https://go.dev/issue/75681"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4007",
"url": "https://pkg.go.dev/vuln/GO-2025-4007"
}
],
"release_date": "2025-10-29T22:10:12.624000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509"
},
{
"cve": "CVE-2025-58188",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-29T23:01:39.787633+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407255"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impacts are limited on Red Hat products as they do not affect the host systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "RHBZ#2407255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407255"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9",
"url": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9"
},
{
"category": "external",
"summary": "https://go.dev/cl/709853",
"url": "https://go.dev/cl/709853"
},
{
"category": "external",
"summary": "https://go.dev/issue/75675",
"url": "https://go.dev/issue/75675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4013",
"url": "https://pkg.go.dev/vuln/GO-2025-4013"
}
],
"release_date": "2025-10-29T22:10:14.143000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509"
},
{
"cve": "CVE-2025-58189",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2025-10-29T23:01:57.740310+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407260"
}
],
"notes": [
{
"category": "description",
"text": "The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "RHBZ#2407260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://go.dev/cl/707776",
"url": "https://go.dev/cl/707776"
},
{
"category": "external",
"summary": "https://go.dev/issue/75652",
"url": "https://go.dev/issue/75652"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4008",
"url": "https://pkg.go.dev/vuln/GO-2025-4008"
}
],
"release_date": "2025-10-29T22:10:12.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information"
},
{
"cve": "CVE-2025-58190",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-05T18:01:26.511908+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437110"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "RHBZ#2437110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4441",
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"category": "external",
"summary": "https://go.dev/cl/709875",
"url": "https://go.dev/cl/709875"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4441",
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
}
],
"release_date": "2026-02-05T17:48:44.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net"
},
{
"cve": "CVE-2025-61723",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:29.304260+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407252"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some\ninputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "RHBZ#2407252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b",
"url": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b"
},
{
"category": "external",
"summary": "https://go.dev/cl/709858",
"url": "https://go.dev/cl/709858"
},
{
"category": "external",
"summary": "https://go.dev/issue/75676",
"url": "https://go.dev/issue/75676"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4009",
"url": "https://pkg.go.dev/vuln/GO-2025-4009"
}
],
"release_date": "2025-10-29T22:10:13.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem"
},
{
"cve": "CVE-2025-61724",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2025-10-29T23:01:47.202663+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407257"
}
],
"notes": [
{
"category": "description",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "RHBZ#2407257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://go.dev/cl/709859",
"url": "https://go.dev/cl/709859"
},
{
"category": "external",
"summary": "https://go.dev/issue/75716",
"url": "https://go.dev/issue/75716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4015",
"url": "https://pkg.go.dev/vuln/GO-2025-4015"
}
],
"release_date": "2025-10-29T22:10:14.609000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto"
},
{
"cve": "CVE-2025-61725",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:18.805163+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407249"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: Excessive CPU consumption in ParseAddress in net/mail",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "RHBZ#2407249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://go.dev/cl/709860",
"url": "https://go.dev/cl/709860"
},
{
"category": "external",
"summary": "https://go.dev/issue/75680",
"url": "https://go.dev/issue/75680"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4006",
"url": "https://pkg.go.dev/vuln/GO-2025-4006"
}
],
"release_date": "2025-10-29T22:10:12.255000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61727",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-12-03T20:01:21.730501+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418677"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to obtain a leaf certificate with a wildcard SAN (e.g., *.example.com) and the legitimate certificate policy must contain an excluded DNS name constraint (e.g., to prevent issuance for test.example.com), allowing an application using the crypto/x509 package to validate the certificate when it should have been rejected and to be vulnerable to MITM (man-in-the-middle) attacks. Additionally, the attacker does not have full control of what data can be read of modified during the attack. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "RHBZ#2418677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418677"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://go.dev/cl/723900",
"url": "https://go.dev/cl/723900"
},
{
"category": "external",
"summary": "https://go.dev/issue/76442",
"url": "https://go.dev/issue/76442"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4175",
"url": "https://pkg.go.dev/vuln/GO-2025-4175"
}
],
"release_date": "2025-12-03T19:37:15.054000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-61730",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-28T20:01:36.508659+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434430"
}
],
"notes": [
{
"category": "description",
"text": "A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The data leak after exploitation of this vulnerability is minor, data such as Handshake message contents that should have been processed only after switching to a stronger TLS 1.3 encryption level, Protocol state details such as which handshake message was processed when, Timing and ordering information about the TLS 1.3 state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "RHBZ#2434430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434430"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://go.dev/cl/724120",
"url": "https://go.dev/cl/724120"
},
{
"category": "external",
"summary": "https://go.dev/issue/76443",
"url": "https://go.dev/issue/76443"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4340",
"url": "https://pkg.go.dev/vuln/GO-2026-4340"
}
],
"release_date": "2026-01-28T19:30:30.986000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68119",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:57.098669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434438"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated Moderate severity by Red Hat Product Security, because exploitation requires non-standard and intentional user behavior. \n\nThe attacker must explicitly supply a specially crafted module version string, which does not occur during normal Go module usage such as @latest or standard module paths, making the attack complexity high. \n\nAdditionally, user interaction is required, as the vulnerable behavior is only triggered when a user manually invokes the Go toolchain to download or build the malicious module.\n \nWhile successful exploitation can result in local code execution or arbitrary file modification, the combination of local access, manual input, and uncommon usage patterns significantly limits the likelihood of exploitation in typical environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "RHBZ#2434438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434438"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://go.dev/cl/736710",
"url": "https://go.dev/cl/736710"
},
{
"category": "external",
"summary": "https://go.dev/issue/77099",
"url": "https://go.dev/issue/77099"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4338",
"url": "https://pkg.go.dev/vuln/GO-2026-4338"
}
],
"release_date": "2026-01-28T19:30:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27139",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-06T22:01:08.670782+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445335"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: FileInfo can escape from a Root in golang os module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "RHBZ#2445335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://go.dev/cl/749480",
"url": "https://go.dev/cl/749480"
},
{
"category": "external",
"summary": "https://go.dev/issue/77827",
"url": "https://go.dev/issue/77827"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4602",
"url": "https://pkg.go.dev/vuln/GO-2026-4602"
}
],
"release_date": "2026-03-06T21:28:14.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "os: FileInfo can escape from a Root in golang os module"
},
{
"cve": "CVE-2026-27141",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-02-26T20:09:11.626155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "RHBZ#2443104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://go.dev/cl/746180",
"url": "https://go.dev/cl/746180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77652",
"url": "https://go.dev/issue/77652"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4559",
"url": "https://pkg.go.dev/vuln/GO-2026-4559"
}
],
"release_date": "2026-02-26T18:50:31.830000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames"
},
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32288",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:00:57.624222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the \"old GNU sparse map\" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "RHBZ#2456332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://go.dev/cl/763766",
"url": "https://go.dev/cl/763766"
},
{
"category": "external",
"summary": "https://go.dev/issue/78301",
"url": "https://go.dev/issue/78301"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4869",
"url": "https://pkg.go.dev/vuln/GO-2026-4869"
}
],
"release_date": "2026-04-08T01:06:57.416000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive"
},
{
"cve": "CVE-2026-32289",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-08T02:01:05.911683+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456334"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "RHBZ#2456334",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456334"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://go.dev/cl/763762",
"url": "https://go.dev/cl/763762"
},
{
"category": "external",
"summary": "https://go.dev/issue/78331",
"url": "https://go.dev/issue/78331"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4865",
"url": "https://pkg.go.dev/vuln/GO-2026-4865"
}
],
"release_date": "2026-04-08T01:06:56.297000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals"
},
{
"cve": "CVE-2026-33809",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-25T19:01:55.384019+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "RHBZ#2451437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33809",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://go.dev/cl/757660",
"url": "https://go.dev/cl/757660"
},
{
"category": "external",
"summary": "https://go.dev/issue/78267",
"url": "https://go.dev/issue/78267"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4815",
"url": "https://pkg.go.dev/vuln/GO-2026-4815"
}
],
"release_date": "2026-03-25T18:24:04.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file"
},
{
"cve": "CVE-2026-33813",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-21T20:01:02.224363+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "RHBZ#2460221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://go.dev/cl/759860",
"url": "https://go.dev/cl/759860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78407",
"url": "https://go.dev/issue/78407"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4961",
"url": "https://pkg.go.dev/vuln/GO-2026-4961"
}
],
"release_date": "2026-04-21T19:21:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing"
}
]
}
RHSA-2026:7676
Vulnerability from csaf_redhat - Published: 2026-04-13 02:21 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7676",
"url": "https://access.redhat.com/errata/RHSA-2026:7676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7676.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-07-03T11:01:42+00:00",
"generator": {
"date": "2026-07-03T11:01:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7676",
"initial_release_date": "2026-04-13T02:21:56+00:00",
"revision_history": [
{
"date": "2026-04-13T02:21:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T02:21:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-3.el7_9.src",
"product": {
"name": "rhc-1:0.2.4-3.el7_9.src",
"product_id": "rhc-1:0.2.4-3.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-3.el7_9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-3.el7_9.x86_64",
"product": {
"name": "rhc-1:0.2.4-3.el7_9.x86_64",
"product_id": "rhc-1:0.2.4-3.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-3.el7_9?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-3.el7_9.s390x",
"product": {
"name": "rhc-1:0.2.4-3.el7_9.s390x",
"product_id": "rhc-1:0.2.4-3.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-3.el7_9?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-3.el7_9.ppc64le",
"product": {
"name": "rhc-1:0.2.4-3.el7_9.ppc64le",
"product_id": "rhc-1:0.2.4-3.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-3.el7_9?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le"
},
"product_reference": "rhc-1:0.2.4-3.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-3.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x"
},
"product_reference": "rhc-1:0.2.4-3.el7_9.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-3.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:rhc-1:0.2.4-3.el7_9.src"
},
"product_reference": "rhc-1:0.2.4-3.el7_9.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
},
"product_reference": "rhc-1:0.2.4-3.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:21:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7676"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:21:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:rhc-1:0.2.4-3.el7_9.ppc64le",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.s390x",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.src",
"7Server-ELS:rhc-1:0.2.4-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:7854
Vulnerability from csaf_redhat - Published: 2026-04-13 12:51 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7854",
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7854.json"
}
],
"title": "Red Hat Security Advisory: podman security update",
"tracking": {
"current_release_date": "2026-07-03T11:01:42+00:00",
"generator": {
"date": "2026-07-03T11:01:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7854",
"initial_release_date": "2026-04-13T12:51:03+00:00",
"revision_history": [
{
"date": "2026-04-13T12:51:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T12:51:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.src",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.src",
"product_id": "podman-5:5.4.0-20.el9_6.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=src\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_id": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.4.0-20.el9_6.2?arch=aarch64\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_id": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.4.0-20.el9_6.2?arch=ppc64le\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_id": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.4.0-20.el9_6.2?arch=x86_64\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-remote-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-tests-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_id": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.4.0-20.el9_6.2?arch=s390x\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5:5.4.0-20.el9_6.2.noarch",
"product": {
"name": "podman-docker-5:5.4.0-20.el9_6.2.noarch",
"product_id": "podman-docker-5:5.4.0-20.el9_6.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@5.4.0-20.el9_6.2?arch=noarch\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5:5.4.0-20.el9_6.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch"
},
"product_reference": "podman-docker-5:5.4.0-20.el9_6.2.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-remote-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-tests-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64"
},
"product_reference": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le"
},
"product_reference": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x"
},
"product_reference": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
},
"product_reference": "podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T12:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T12:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T12:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T12:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.src",
"AppStream-9.6.0.Z.EUS:podman-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-debugsource-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-docker-5:5.4.0-20.el9_6.2.noarch",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-plugins-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-remote-debuginfo-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-5:5.4.0-20.el9_6.2.x86_64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.aarch64",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.ppc64le",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.s390x",
"AppStream-9.6.0.Z.EUS:podman-tests-debuginfo-5:5.4.0-20.el9_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:7942
Vulnerability from csaf_redhat - Published: 2026-04-13 21:59 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HawtIO HawtIO 4.3.1
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_hawtio:4.3::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HawtIO HawtIO 4.3.1
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_hawtio:4.3::el9
|
— |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "HawtIO 4.3.1 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements\nthat improve your developer experience and ensure the security and stability of\nyour products.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "HawtIO 4.3.1 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements\nthat improve your developer experience and ensure the security and stability of\nyour products.\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7942",
"url": "https://access.redhat.com/errata/RHSA-2026:7942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7942.json"
}
],
"title": "Red Hat Security Advisory: HawtIO 4.3.1 for Red Hat build of Apache Camel 4 Release and security update.",
"tracking": {
"current_release_date": "2026-07-03T11:01:42+00:00",
"generator": {
"date": "2026-07-03T11:01:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7942",
"initial_release_date": "2026-04-13T21:59:31+00:00",
"revision_history": [
{
"date": "2026-04-13T21:59:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T21:59:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HawtIO HawtIO 4.3.1",
"product": {
"name": "HawtIO HawtIO 4.3.1",
"product_id": "HawtIO HawtIO 4.3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_hawtio:4.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO HawtIO 4.3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T21:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO HawtIO 4.3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7942"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"HawtIO HawtIO 4.3.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HawtIO HawtIO 4.3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HawtIO HawtIO 4.3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T21:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HawtIO HawtIO 4.3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HawtIO HawtIO 4.3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:8151
Vulnerability from csaf_redhat - Published: 2026-04-14 15:55 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Workaround
|
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Workaround
|
A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Workaround
|
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS's loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Workaround
|
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner v0.22 General Availability release images, which provide enhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.\nRed Hat Advanced Cluster Management for Kubernetes v2.15",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8151",
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68151",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26017",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26018",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8151.json"
}
],
"title": "Red Hat Security Advisory: Submariner v0.22 security fixes and container updates",
"tracking": {
"current_release_date": "2026-07-03T11:01:43+00:00",
"generator": {
"date": "2026-07-03T11:01:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:8151",
"initial_release_date": "2026-04-14T15:55:27+00:00",
"revision_history": [
{
"date": "2026-04-14T15:55:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-14T15:55:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.15::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Management for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ab54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774084104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Adb1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774086225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774372741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774085848"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256%3A39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774565831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550350"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774332596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3Aff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550357"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774084104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774086225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774372741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Ad061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774085848"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550350"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Ae3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774332596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550357"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ac9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774084104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774086225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3Aa34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774372741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774085848"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3Ad85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550350"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774332596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550357"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ad3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774084104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774086225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774372741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774085848"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3Ac153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550350"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Aeedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774332596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550357"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-08T16:01:04.891768+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428009"
}
],
"notes": [
{
"category": "description",
"text": "Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "RHBZ#2428009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812",
"url": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/pull/7490",
"url": "https://github.com/coredns/coredns/pull/7490"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2"
}
],
"release_date": "2026-01-08T15:33:12.711000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-26017",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-06T16:01:45.971241+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as \u0027acl\u0027, are evaluated before the \u0027rewrite\u0027 plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "RHBZ#2445244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26017"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
}
],
"release_date": "2026-03-06T15:36:15.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw"
},
{
"cve": "CVE-2026-26018",
"cwe": {
"id": "CWE-1241",
"name": "Use of Predictable Algorithm in Random Number Generator"
},
"discovery_date": "2026-03-06T16:01:38.150099+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445242"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS\u0027s loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "RHBZ#2445242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
}
],
"release_date": "2026-03-06T15:35:50.801000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
}
]
}
RHSA-2026:8167
Vulnerability from csaf_redhat - Published: 2026-04-14 18:58 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64 | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64 | — |
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.15.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8167",
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-368",
"url": "https://redhat.atlassian.net/browse/WTO-368"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-373",
"url": "https://redhat.atlassian.net/browse/WTO-373"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-377",
"url": "https://redhat.atlassian.net/browse/WTO-377"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-383",
"url": "https://redhat.atlassian.net/browse/WTO-383"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-390",
"url": "https://redhat.atlassian.net/browse/WTO-390"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-393",
"url": "https://redhat.atlassian.net/browse/WTO-393"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8167.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.",
"tracking": {
"current_release_date": "2026-07-03T11:01:44+00:00",
"generator": {
"date": "2026-07-03T11:01:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:8167",
"initial_release_date": "2026-04-14T18:58:52+00:00",
"revision_history": [
{
"date": "2026-04-14T18:58:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-14T18:58:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.15",
"product": {
"name": "Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.15::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3A1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1775672762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3Aa531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1775672765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3A69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1775672724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3A4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1775672831"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64 as a component of Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64 as a component of Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64 as a component of Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64 as a component of Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T18:58:52+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.20 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T18:58:52+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.20 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T18:58:52+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.20 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T18:58:52+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.20 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T18:58:52+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.20 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:1a4e4ddfdd6f353c67172dec6b6d5e3c07d3f67410d537066e2b0321b044698a_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:69bbe9115e6a686bf3efba029c4d27fe87a003745536db3a80abe7466398206d_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:a531c9a89a0ddf261241c353de8866f6609b535e3dbaf05bf3ff410234398d7b_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:4c3d303dca13ac5383927d0c428b9418a6009e2b8ee686b1f246c94b783e02b0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.