CVE-2025-68121 (GCVE-0-2025-68121)
Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-04-29 13:29
CWE-295 - Improper Certificate Validation
| Vendor | Product | Version |
|---|---|---|
| Go standard library | crypto/tls | Affected: 0, < 1.24.13 (semver); Affected: 1.25.0-0, < 1.25.7 (semver); Affected: 1.26.0-rc.1, < 1.26.0-rc.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-68121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T03:55:46.305385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T13:29:25.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/tls",
"product": "crypto/tls",
"programRoutines": [
{
"name": "Conn.handshakeContext"
},
{
"name": "Conn.Handshake"
},
{
"name": "Conn.HandshakeContext"
},
{
"name": "Conn.Read"
},
{
"name": "Conn.Write"
},
{
"name": "Dial"
},
{
"name": "DialWithDialer"
},
{
"name": "Dialer.Dial"
},
{
"name": "Dialer.DialContext"
},
{
"name": "QUICConn.Start"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.13",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.7",
"status": "affected",
"version": "1.25.0-0",
"versionType": "semver"
},
{
"lessThan": "1.26.0-rc.3",
"status": "affected",
"version": "1.26.0-rc.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Coia Prant (github.com/rbqvq)"
},
{
"lang": "en",
"value": "Go Security Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-295: Improper Certificate Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T17:48:44.141Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"url": "https://go.dev/cl/737700"
},
{
"url": "https://go.dev/issue/77217"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"title": "Unexpected session resumption in crypto/tls"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-68121",
"datePublished": "2026-02-05T17:48:44.141Z",
"dateReserved": "2025-12-15T16:48:04.451Z",
"dateUpdated": "2026-04-29T13:29:25.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-68121",
"date": "2026-05-25",
"epss": "0.00018",
"percentile": "0.04801"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-68121\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-02-05T18:16:10.857\",\"lastModified\":\"2026-04-29T14:16:16.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"},{\"lang\":\"es\",\"value\":\"Durante la reanudaci\u00f3n de la sesi\u00f3n en crypto/tls, si la Config subyacente tiene sus campos ClientCAs o RootCAs mutados entre el handshake inicial y el handshake reanudado, el handshake reanudado puede tener \u00e9xito cuando deber\u00eda haber fallado. Esto puede ocurrir cuando un usuario llama a Config.Clone y muta la Config devuelta, o usa Config.GetConfigForClient. 
Esto puede hacer que un cliente reanude una sesi\u00f3n con un servidor con el que no la habr\u00eda reanudado durante el handshake inicial, o hacer que un servidor reanude una sesi\u00f3n con un cliente con el que no la habr\u00eda reanudado durante el handshake inicial.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.13\",\"matchCriteriaId\":\"9FEE539A-EDC2-4044-A38C-5A0FDF567509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.7\",\"matchCriteriaId\":\"B275853C-E253-485B-B469-31D1A7383965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc1:*:*:*:*
:*:*\",\"matchCriteriaId\":\"E529A0EC-B944-4E2F-B26A-2A9F31AFF240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"553D6D90-140E-4A54-86A3-00E66AC30F3C\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/737700\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/77217\",\"source\":\"security@golang.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4337\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-29T03:55:46.305385Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-06T15:32:38.457Z\"}}], \"cna\": {\"title\": \"Unexpected session resumption in crypto/tls\", \"credits\": [{\"lang\": \"en\", \"value\": \"Coia Prant (github.com/rbqvq)\"}, {\"lang\": \"en\", \"value\": \"Go Security Team\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/tls\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.13\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0-0\", \"lessThan\": \"1.25.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-rc.1\", \"lessThan\": \"1.26.0-rc.3\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/tls\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Conn.handshakeContext\"}, {\"name\": \"Conn.Handshake\"}, {\"name\": \"Conn.HandshakeContext\"}, {\"name\": 
\"Conn.Read\"}, {\"name\": \"Conn.Write\"}, {\"name\": \"Dial\"}, {\"name\": \"DialWithDialer\"}, {\"name\": \"Dialer.Dial\"}, {\"name\": \"Dialer.DialContext\"}, {\"name\": \"QUICConn.Start\"}]}], \"references\": [{\"url\": \"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\"}, {\"url\": \"https://go.dev/cl/737700\"}, {\"url\": \"https://go.dev/issue/77217\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4337\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-02-05T17:48:44.141Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-68121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-29T13:29:25.582Z\", \"dateReserved\": \"2025-12-15T16:48:04.451Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-02-05T17:48:44.141Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:3193
Vulnerability from csaf_redhat - Published: 2026-02-24 12:01 - Updated: 2026-05-26 09:04
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix; Workaround |
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix; Workaround |
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64 | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix |
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch | — | | Vendor Fix; fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for golang is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3193",
"url": "https://access.redhat.com/errata/RHSA-2026:3193"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3193.json"
}
],
"title": "Red Hat Security Advisory: golang security update",
"tracking": {
"current_release_date": "2026-05-26T09:04:34+00:00",
"generator": {
"date": "2026-05-26T09:04:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3193",
"initial_release_date": "2026-02-24T12:01:01+00:00",
"revision_history": [
{
"date": "2026-02-24T12:01:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-24T12:01:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.7-1.el9_6.aarch64",
"product": {
"name": "go-toolset-0:1.25.7-1.el9_6.aarch64",
"product_id": "go-toolset-0:1.25.7-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.7-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.7-1.el9_6.aarch64",
"product": {
"name": "golang-0:1.25.7-1.el9_6.aarch64",
"product_id": "golang-0:1.25.7-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.7-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.7-1.el9_6.aarch64",
"product": {
"name": "golang-bin-0:1.25.7-1.el9_6.aarch64",
"product_id": "golang-bin-0:1.25.7-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.7-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.7-1.el9_6.aarch64",
"product": {
"name": "golang-race-0:1.25.7-1.el9_6.aarch64",
"product_id": "golang-race-0:1.25.7-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.7-1.el9_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.7-1.el9_6.ppc64le",
"product": {
"name": "go-toolset-0:1.25.7-1.el9_6.ppc64le",
"product_id": "go-toolset-0:1.25.7-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.7-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.7-1.el9_6.ppc64le",
"product": {
"name": "golang-0:1.25.7-1.el9_6.ppc64le",
"product_id": "golang-0:1.25.7-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.7-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.7-1.el9_6.ppc64le",
"product": {
"name": "golang-bin-0:1.25.7-1.el9_6.ppc64le",
"product_id": "golang-bin-0:1.25.7-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.7-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.7-1.el9_6.ppc64le",
"product": {
"name": "golang-race-0:1.25.7-1.el9_6.ppc64le",
"product_id": "golang-race-0:1.25.7-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.7-1.el9_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.7-1.el9_6.x86_64",
"product": {
"name": "go-toolset-0:1.25.7-1.el9_6.x86_64",
"product_id": "go-toolset-0:1.25.7-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.7-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.7-1.el9_6.x86_64",
"product": {
"name": "golang-0:1.25.7-1.el9_6.x86_64",
"product_id": "golang-0:1.25.7-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.7-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.7-1.el9_6.x86_64",
"product": {
"name": "golang-bin-0:1.25.7-1.el9_6.x86_64",
"product_id": "golang-bin-0:1.25.7-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.7-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.7-1.el9_6.x86_64",
"product": {
"name": "golang-race-0:1.25.7-1.el9_6.x86_64",
"product_id": "golang-race-0:1.25.7-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.7-1.el9_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.7-1.el9_6.s390x",
"product": {
"name": "go-toolset-0:1.25.7-1.el9_6.s390x",
"product_id": "go-toolset-0:1.25.7-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.7-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.7-1.el9_6.s390x",
"product": {
"name": "golang-0:1.25.7-1.el9_6.s390x",
"product_id": "golang-0:1.25.7-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.7-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.7-1.el9_6.s390x",
"product": {
"name": "golang-bin-0:1.25.7-1.el9_6.s390x",
"product_id": "golang-bin-0:1.25.7-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.7-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.7-1.el9_6.s390x",
"product": {
"name": "golang-race-0:1.25.7-1.el9_6.s390x",
"product_id": "golang-race-0:1.25.7-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.7-1.el9_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-0:1.25.7-1.el9_6.src",
"product": {
"name": "golang-0:1.25.7-1.el9_6.src",
"product_id": "golang-0:1.25.7-1.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.7-1.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.25.7-1.el9_6.noarch",
"product": {
"name": "golang-docs-0:1.25.7-1.el9_6.noarch",
"product_id": "golang-docs-0:1.25.7-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.25.7-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.25.7-1.el9_6.noarch",
"product": {
"name": "golang-misc-0:1.25.7-1.el9_6.noarch",
"product_id": "golang-misc-0:1.25.7-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.25.7-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.25.7-1.el9_6.noarch",
"product": {
"name": "golang-src-0:1.25.7-1.el9_6.noarch",
"product_id": "golang-src-0:1.25.7-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.25.7-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.25.7-1.el9_6.noarch",
"product": {
"name": "golang-tests-0:1.25.7-1.el9_6.noarch",
"product_id": "golang-tests-0:1.25.7-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.25.7-1.el9_6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.7-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64"
},
"product_reference": "go-toolset-0:1.25.7-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.7-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le"
},
"product_reference": "go-toolset-0:1.25.7-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.7-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x"
},
"product_reference": "go-toolset-0:1.25.7-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.7-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64"
},
"product_reference": "go-toolset-0:1.25.7-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.7-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64"
},
"product_reference": "golang-0:1.25.7-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.7-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le"
},
"product_reference": "golang-0:1.25.7-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.7-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x"
},
"product_reference": "golang-0:1.25.7-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.7-1.el9_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src"
},
"product_reference": "golang-0:1.25.7-1.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.7-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64"
},
"product_reference": "golang-0:1.25.7-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.7-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64"
},
"product_reference": "golang-bin-0:1.25.7-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.7-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le"
},
"product_reference": "golang-bin-0:1.25.7-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.7-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x"
},
"product_reference": "golang-bin-0:1.25.7-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.7-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64"
},
"product_reference": "golang-bin-0:1.25.7-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.25.7-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch"
},
"product_reference": "golang-docs-0:1.25.7-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.25.7-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch"
},
"product_reference": "golang-misc-0:1.25.7-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.7-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64"
},
"product_reference": "golang-race-0:1.25.7-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.7-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le"
},
"product_reference": "golang-race-0:1.25.7-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.7-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x"
},
"product_reference": "golang-race-0:1.25.7-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.7-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64"
},
"product_reference": "golang-race-0:1.25.7-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.25.7-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch"
},
"product_reference": "golang-src-0:1.25.7-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.25.7-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
},
"product_reference": "golang-tests-0:1.25.7-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. For this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-24T12:01:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3193"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. For these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-24T12:01:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3193"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-24T12:01:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3193"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-24T12:01:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3193"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.7-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.7-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.7-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3291
Vulnerability from csaf_redhat - Published: 2026-02-25 07:41 - Updated: 2026-05-26 09:04
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64 | — | Vendor Fix, fix, Workaround | |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64 | — | Vendor Fix, fix | |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64 | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x | — | Vendor Fix, fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64 | — | Vendor Fix, fix | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for runc is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3291",
"url": "https://access.redhat.com/errata/RHSA-2026:3291"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3291.json"
}
],
"title": "Red Hat Security Advisory: runc security update",
"tracking": {
"current_release_date": "2026-05-26T09:04:35+00:00",
"generator": {
"date": "2026-05-26T09:04:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3291",
"initial_release_date": "2026-02-25T07:41:04+00:00",
"revision_history": [
{
"date": "2026-02-25T07:41:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-25T07:41:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.0-2.el9_7.src",
"product": {
"name": "runc-4:1.4.0-2.el9_7.src",
"product_id": "runc-4:1.4.0-2.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.0-2.el9_7?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.0-2.el9_7.aarch64",
"product": {
"name": "runc-4:1.4.0-2.el9_7.aarch64",
"product_id": "runc-4:1.4.0-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.0-2.el9_7?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"product": {
"name": "runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"product_id": "runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.4.0-2.el9_7?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"product": {
"name": "runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"product_id": "runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.4.0-2.el9_7?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.0-2.el9_7.ppc64le",
"product": {
"name": "runc-4:1.4.0-2.el9_7.ppc64le",
"product_id": "runc-4:1.4.0-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.0-2.el9_7?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"product": {
"name": "runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"product_id": "runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.4.0-2.el9_7?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"product_id": "runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.4.0-2.el9_7?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.0-2.el9_7.x86_64",
"product": {
"name": "runc-4:1.4.0-2.el9_7.x86_64",
"product_id": "runc-4:1.4.0-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.0-2.el9_7?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.4.0-2.el9_7.x86_64",
"product": {
"name": "runc-debugsource-4:1.4.0-2.el9_7.x86_64",
"product_id": "runc-debugsource-4:1.4.0-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.4.0-2.el9_7?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"product": {
"name": "runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"product_id": "runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.4.0-2.el9_7?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.0-2.el9_7.s390x",
"product": {
"name": "runc-4:1.4.0-2.el9_7.s390x",
"product_id": "runc-4:1.4.0-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.0-2.el9_7?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.4.0-2.el9_7.s390x",
"product": {
"name": "runc-debugsource-4:1.4.0-2.el9_7.s390x",
"product_id": "runc-debugsource-4:1.4.0-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.4.0-2.el9_7?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"product": {
"name": "runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"product_id": "runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.4.0-2.el9_7?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.0-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64"
},
"product_reference": "runc-4:1.4.0-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.0-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le"
},
"product_reference": "runc-4:1.4.0-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.0-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x"
},
"product_reference": "runc-4:1.4.0-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.0-2.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src"
},
"product_reference": "runc-4:1.4.0-2.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.0-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64"
},
"product_reference": "runc-4:1.4.0-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.4.0-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64"
},
"product_reference": "runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.4.0-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.4.0-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x"
},
"product_reference": "runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.4.0-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64"
},
"product_reference": "runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.4.0-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64"
},
"product_reference": "runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.4.0-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le"
},
"product_reference": "runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.4.0-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x"
},
"product_reference": "runc-debugsource-4:1.4.0-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.4.0-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
},
"product_reference": "runc-debugsource-4:1.4.0-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T07:41:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3291"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T07:41:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T07:41:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:runc-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debuginfo-4:1.4.0-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:runc-debugsource-4:1.4.0-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3297
Vulnerability from csaf_redhat - Published: 2026-02-25 09:09 - Updated: 2026-05-26 09:04
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix; Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3297",
"url": "https://access.redhat.com/errata/RHSA-2026:3297"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3297.json"
}
],
"title": "Red Hat Security Advisory: buildah security update",
"tracking": {
"current_release_date": "2026-05-26T09:04:39+00:00",
"generator": {
"date": "2026-05-26T09:04:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3297",
"initial_release_date": "2026-02-25T09:09:30+00:00",
"revision_history": [
{
"date": "2026-02-25T09:09:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-25T09:09:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el10_1.src",
"product": {
"name": "buildah-2:1.41.8-2.el10_1.src",
"product_id": "buildah-2:1.41.8-2.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el10_1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el10_1.aarch64",
"product": {
"name": "buildah-2:1.41.8-2.el10_1.aarch64",
"product_id": "buildah-2:1.41.8-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el10_1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.41.8-2.el10_1.aarch64",
"product": {
"name": "buildah-tests-2:1.41.8-2.el10_1.aarch64",
"product_id": "buildah-tests-2:1.41.8-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.41.8-2.el10_1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"product": {
"name": "buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"product_id": "buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.41.8-2.el10_1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"product": {
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"product_id": "buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.41.8-2.el10_1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"product": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"product_id": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.41.8-2.el10_1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el10_1.ppc64le",
"product": {
"name": "buildah-2:1.41.8-2.el10_1.ppc64le",
"product_id": "buildah-2:1.41.8-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el10_1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"product": {
"name": "buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"product_id": "buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.41.8-2.el10_1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"product": {
"name": "buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"product_id": "buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.41.8-2.el10_1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"product": {
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"product_id": "buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.41.8-2.el10_1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"product": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"product_id": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.41.8-2.el10_1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el10_1.x86_64",
"product": {
"name": "buildah-2:1.41.8-2.el10_1.x86_64",
"product_id": "buildah-2:1.41.8-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el10_1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.41.8-2.el10_1.x86_64",
"product": {
"name": "buildah-tests-2:1.41.8-2.el10_1.x86_64",
"product_id": "buildah-tests-2:1.41.8-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.41.8-2.el10_1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"product": {
"name": "buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"product_id": "buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.41.8-2.el10_1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"product": {
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"product_id": "buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.41.8-2.el10_1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64",
"product": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64",
"product_id": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.41.8-2.el10_1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el10_1.s390x",
"product": {
"name": "buildah-2:1.41.8-2.el10_1.s390x",
"product_id": "buildah-2:1.41.8-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el10_1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.41.8-2.el10_1.s390x",
"product": {
"name": "buildah-tests-2:1.41.8-2.el10_1.s390x",
"product_id": "buildah-tests-2:1.41.8-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.41.8-2.el10_1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"product": {
"name": "buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"product_id": "buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.41.8-2.el10_1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"product": {
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"product_id": "buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.41.8-2.el10_1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"product": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"product_id": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.41.8-2.el10_1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64"
},
"product_reference": "buildah-2:1.41.8-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le"
},
"product_reference": "buildah-2:1.41.8-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x"
},
"product_reference": "buildah-2:1.41.8-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src"
},
"product_reference": "buildah-2:1.41.8-2.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64"
},
"product_reference": "buildah-2:1.41.8-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64"
},
"product_reference": "buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le"
},
"product_reference": "buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x"
},
"product_reference": "buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.41.8-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64"
},
"product_reference": "buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.41.8-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64"
},
"product_reference": "buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.41.8-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le"
},
"product_reference": "buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.41.8-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x"
},
"product_reference": "buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.41.8-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64"
},
"product_reference": "buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.41.8-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64"
},
"product_reference": "buildah-tests-2:1.41.8-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.41.8-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le"
},
"product_reference": "buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.41.8-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x"
},
"product_reference": "buildah-tests-2:1.41.8-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.41.8-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64"
},
"product_reference": "buildah-tests-2:1.41.8-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64"
},
"product_reference": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le"
},
"product_reference": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x"
},
"product_reference": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
},
"product_reference": "buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T09:09:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3297"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T09:09:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3297"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T09:09:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3297"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.src",
"AppStream-10.1.Z:buildah-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debuginfo-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-debugsource-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-2:1.41.8-2.el10_1.x86_64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.aarch64",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.ppc64le",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.s390x",
"AppStream-10.1.Z:buildah-tests-debuginfo-2:1.41.8-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3298
Vulnerability from csaf_redhat - Published: 2026-02-25 09:32 - Updated: 2026-05-26 09:04
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix / Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64 | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x | — | | Vendor Fix / fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64 | — | | Vendor Fix / fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.\n\nSecurity Fix(es):\n\n* buildah: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* buildah: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* buildah: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3298",
"url": "https://access.redhat.com/errata/RHSA-2026:3298"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3298.json"
}
],
"title": "Red Hat Security Advisory: buildah security update",
"tracking": {
"current_release_date": "2026-05-26T09:04:35+00:00",
"generator": {
"date": "2026-05-26T09:04:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3298",
"initial_release_date": "2026-02-25T09:32:15+00:00",
"revision_history": [
{
"date": "2026-02-25T09:32:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-25T09:32:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el9_7.src",
"product": {
"name": "buildah-2:1.41.8-2.el9_7.src",
"product_id": "buildah-2:1.41.8-2.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el9_7?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el9_7.aarch64",
"product": {
"name": "buildah-2:1.41.8-2.el9_7.aarch64",
"product_id": "buildah-2:1.41.8-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el9_7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.41.8-2.el9_7.aarch64",
"product": {
"name": "buildah-tests-2:1.41.8-2.el9_7.aarch64",
"product_id": "buildah-tests-2:1.41.8-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.41.8-2.el9_7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"product": {
"name": "buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"product_id": "buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.41.8-2.el9_7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"product": {
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"product_id": "buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.41.8-2.el9_7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"product": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"product_id": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.41.8-2.el9_7?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el9_7.ppc64le",
"product": {
"name": "buildah-2:1.41.8-2.el9_7.ppc64le",
"product_id": "buildah-2:1.41.8-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el9_7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"product": {
"name": "buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"product_id": "buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.41.8-2.el9_7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"product": {
"name": "buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"product_id": "buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.41.8-2.el9_7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"product": {
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"product_id": "buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.41.8-2.el9_7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"product": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"product_id": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.41.8-2.el9_7?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el9_7.x86_64",
"product": {
"name": "buildah-2:1.41.8-2.el9_7.x86_64",
"product_id": "buildah-2:1.41.8-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el9_7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.41.8-2.el9_7.x86_64",
"product": {
"name": "buildah-tests-2:1.41.8-2.el9_7.x86_64",
"product_id": "buildah-tests-2:1.41.8-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.41.8-2.el9_7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"product": {
"name": "buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"product_id": "buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.41.8-2.el9_7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"product": {
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"product_id": "buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.41.8-2.el9_7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64",
"product": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64",
"product_id": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.41.8-2.el9_7?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.41.8-2.el9_7.s390x",
"product": {
"name": "buildah-2:1.41.8-2.el9_7.s390x",
"product_id": "buildah-2:1.41.8-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.41.8-2.el9_7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.41.8-2.el9_7.s390x",
"product": {
"name": "buildah-tests-2:1.41.8-2.el9_7.s390x",
"product_id": "buildah-tests-2:1.41.8-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.41.8-2.el9_7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"product": {
"name": "buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"product_id": "buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.41.8-2.el9_7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"product": {
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"product_id": "buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.41.8-2.el9_7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"product": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"product_id": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.41.8-2.el9_7?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64"
},
"product_reference": "buildah-2:1.41.8-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le"
},
"product_reference": "buildah-2:1.41.8-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x"
},
"product_reference": "buildah-2:1.41.8-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src"
},
"product_reference": "buildah-2:1.41.8-2.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.41.8-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64"
},
"product_reference": "buildah-2:1.41.8-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64"
},
"product_reference": "buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le"
},
"product_reference": "buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x"
},
"product_reference": "buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.41.8-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64"
},
"product_reference": "buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.41.8-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64"
},
"product_reference": "buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.41.8-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le"
},
"product_reference": "buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.41.8-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x"
},
"product_reference": "buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.41.8-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64"
},
"product_reference": "buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.41.8-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64"
},
"product_reference": "buildah-tests-2:1.41.8-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.41.8-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le"
},
"product_reference": "buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.41.8-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x"
},
"product_reference": "buildah-tests-2:1.41.8-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.41.8-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64"
},
"product_reference": "buildah-tests-2:1.41.8-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64"
},
"product_reference": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le"
},
"product_reference": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x"
},
"product_reference": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
},
"product_reference": "buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T09:32:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3298"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T09:32:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T09:32:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3298"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:buildah-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debuginfo-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-debugsource-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-2:1.41.8-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:buildah-tests-debuginfo-2:1.41.8-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3336
Vulnerability from csaf_redhat - Published: 2026-02-25 11:30 - Updated: 2026-05-26 09:04

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3336",
"url": "https://access.redhat.com/errata/RHSA-2026:3336"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3336.json"
}
],
"title": "Red Hat Security Advisory: podman security update",
"tracking": {
"current_release_date": "2026-05-26T09:04:36+00:00",
"generator": {
"date": "2026-05-26T09:04:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3336",
"initial_release_date": "2026-02-25T11:30:01+00:00",
"revision_history": [
{
"date": "2026-02-25T11:30:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-25T11:30:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-7:5.6.0-12.el10_1.src",
"product": {
"name": "podman-7:5.6.0-12.el10_1.src",
"product_id": "podman-7:5.6.0-12.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-12.el10_1?arch=src\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-7:5.6.0-12.el10_1.aarch64",
"product": {
"name": "podman-7:5.6.0-12.el10_1.aarch64",
"product_id": "podman-7:5.6.0-12.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-12.el10_1?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-remote-7:5.6.0-12.el10_1.aarch64",
"product": {
"name": "podman-remote-7:5.6.0-12.el10_1.aarch64",
"product_id": "podman-remote-7:5.6.0-12.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.6.0-12.el10_1?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"product": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"product_id": "podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.6.0-12.el10_1?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"product": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"product_id": "podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.6.0-12.el10_1?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"product": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"product_id": "podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.6.0-12.el10_1?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"product": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"product_id": "podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.6.0-12.el10_1?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-tests-7:5.6.0-12.el10_1.aarch64",
"product": {
"name": "podman-tests-7:5.6.0-12.el10_1.aarch64",
"product_id": "podman-tests-7:5.6.0-12.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.6.0-12.el10_1?arch=aarch64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-7:5.6.0-12.el10_1.ppc64le",
"product": {
"name": "podman-7:5.6.0-12.el10_1.ppc64le",
"product_id": "podman-7:5.6.0-12.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-12.el10_1?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-remote-7:5.6.0-12.el10_1.ppc64le",
"product": {
"name": "podman-remote-7:5.6.0-12.el10_1.ppc64le",
"product_id": "podman-remote-7:5.6.0-12.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.6.0-12.el10_1?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"product": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"product_id": "podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.6.0-12.el10_1?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"product": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"product_id": "podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.6.0-12.el10_1?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"product": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"product_id": "podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.6.0-12.el10_1?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"product": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"product_id": "podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.6.0-12.el10_1?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-tests-7:5.6.0-12.el10_1.ppc64le",
"product": {
"name": "podman-tests-7:5.6.0-12.el10_1.ppc64le",
"product_id": "podman-tests-7:5.6.0-12.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.6.0-12.el10_1?arch=ppc64le\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-7:5.6.0-12.el10_1.x86_64",
"product": {
"name": "podman-7:5.6.0-12.el10_1.x86_64",
"product_id": "podman-7:5.6.0-12.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-12.el10_1?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-remote-7:5.6.0-12.el10_1.x86_64",
"product": {
"name": "podman-remote-7:5.6.0-12.el10_1.x86_64",
"product_id": "podman-remote-7:5.6.0-12.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.6.0-12.el10_1?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"product": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"product_id": "podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.6.0-12.el10_1?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"product": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"product_id": "podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.6.0-12.el10_1?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"product": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"product_id": "podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.6.0-12.el10_1?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"product": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"product_id": "podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.6.0-12.el10_1?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-tests-7:5.6.0-12.el10_1.x86_64",
"product": {
"name": "podman-tests-7:5.6.0-12.el10_1.x86_64",
"product_id": "podman-tests-7:5.6.0-12.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.6.0-12.el10_1?arch=x86_64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-7:5.6.0-12.el10_1.s390x",
"product": {
"name": "podman-7:5.6.0-12.el10_1.s390x",
"product_id": "podman-7:5.6.0-12.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-12.el10_1?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-remote-7:5.6.0-12.el10_1.s390x",
"product": {
"name": "podman-remote-7:5.6.0-12.el10_1.s390x",
"product_id": "podman-remote-7:5.6.0-12.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.6.0-12.el10_1?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-7:5.6.0-12.el10_1.s390x",
"product": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.s390x",
"product_id": "podman-debugsource-7:5.6.0-12.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.6.0-12.el10_1?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"product": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"product_id": "podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.6.0-12.el10_1?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"product": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"product_id": "podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.6.0-12.el10_1?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"product": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"product_id": "podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.6.0-12.el10_1?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "podman-tests-7:5.6.0-12.el10_1.s390x",
"product": {
"name": "podman-tests-7:5.6.0-12.el10_1.s390x",
"product_id": "podman-tests-7:5.6.0-12.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.6.0-12.el10_1?arch=s390x\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-7:5.6.0-12.el10_1.noarch",
"product": {
"name": "podman-docker-7:5.6.0-12.el10_1.noarch",
"product_id": "podman-docker-7:5.6.0-12.el10_1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@5.6.0-12.el10_1?arch=noarch\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src"
},
"product_reference": "podman-7:5.6.0-12.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-debugsource-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-7:5.6.0-12.el10_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch"
},
"product_reference": "podman-docker-7:5.6.0-12.el10_1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-remote-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-remote-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-remote-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-remote-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-tests-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-tests-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-tests-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-tests-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src"
},
"product_reference": "podman-7:5.6.0-12.el10_1.src",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-debugsource-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-7:5.6.0-12.el10_1.noarch as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch"
},
"product_reference": "podman-docker-7:5.6.0-12.el10_1.noarch",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-remote-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-remote-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-remote-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-remote-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-tests-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-tests-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-tests-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-tests-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64"
},
"product_reference": "podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le"
},
"product_reference": "podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x"
},
"product_reference": "podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
},
"product_reference": "podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:30:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3336"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:30:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3336"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:30:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3336"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:30:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3336"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"AppStream-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"AppStream-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.src",
"CRB-10.1.Z:podman-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-debugsource-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-docker-7:5.6.0-12.el10_1.noarch",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-remote-debuginfo-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-7:5.6.0-12.el10_1.x86_64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.aarch64",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.ppc64le",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.s390x",
"CRB-10.1.Z:podman-tests-debuginfo-7:5.6.0-12.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3337
Vulnerability from csaf_redhat - Published: 2026-02-25 11:48 - Updated: 2026-05-26 09:04

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3337",
"url": "https://access.redhat.com/errata/RHSA-2026:3337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3337.json"
}
],
"title": "Red Hat Security Advisory: podman security update",
"tracking": {
"current_release_date": "2026-05-26T09:04:36+00:00",
"generator": {
"date": "2026-05-26T09:04:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3337",
"initial_release_date": "2026-02-25T11:48:26+00:00",
"revision_history": [
{
"date": "2026-02-25T11:48:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-25T11:48:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-6:5.6.0-14.el9_7.src",
"product": {
"name": "podman-6:5.6.0-14.el9_7.src",
"product_id": "podman-6:5.6.0-14.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-14.el9_7?arch=src\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-6:5.6.0-14.el9_7.aarch64",
"product": {
"name": "podman-6:5.6.0-14.el9_7.aarch64",
"product_id": "podman-6:5.6.0-14.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-14.el9_7?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-6:5.6.0-14.el9_7.aarch64",
"product": {
"name": "podman-plugins-6:5.6.0-14.el9_7.aarch64",
"product_id": "podman-plugins-6:5.6.0-14.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.6.0-14.el9_7?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-remote-6:5.6.0-14.el9_7.aarch64",
"product": {
"name": "podman-remote-6:5.6.0-14.el9_7.aarch64",
"product_id": "podman-remote-6:5.6.0-14.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.6.0-14.el9_7?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-tests-6:5.6.0-14.el9_7.aarch64",
"product": {
"name": "podman-tests-6:5.6.0-14.el9_7.aarch64",
"product_id": "podman-tests-6:5.6.0-14.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.6.0-14.el9_7?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"product": {
"name": "podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"product_id": "podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.6.0-14.el9_7?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product": {
"name": "podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product_id": "podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.6.0-14.el9_7?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product": {
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product_id": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.6.0-14.el9_7?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product": {
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product_id": "podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.6.0-14.el9_7?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product": {
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product_id": "podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.6.0-14.el9_7?arch=aarch64\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-6:5.6.0-14.el9_7.ppc64le",
"product": {
"name": "podman-6:5.6.0-14.el9_7.ppc64le",
"product_id": "podman-6:5.6.0-14.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-14.el9_7?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"product": {
"name": "podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"product_id": "podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.6.0-14.el9_7?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-remote-6:5.6.0-14.el9_7.ppc64le",
"product": {
"name": "podman-remote-6:5.6.0-14.el9_7.ppc64le",
"product_id": "podman-remote-6:5.6.0-14.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.6.0-14.el9_7?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-tests-6:5.6.0-14.el9_7.ppc64le",
"product": {
"name": "podman-tests-6:5.6.0-14.el9_7.ppc64le",
"product_id": "podman-tests-6:5.6.0-14.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.6.0-14.el9_7?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"product": {
"name": "podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"product_id": "podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.6.0-14.el9_7?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product": {
"name": "podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product_id": "podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.6.0-14.el9_7?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product_id": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.6.0-14.el9_7?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product": {
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product_id": "podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.6.0-14.el9_7?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product": {
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product_id": "podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.6.0-14.el9_7?arch=ppc64le\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-6:5.6.0-14.el9_7.x86_64",
"product": {
"name": "podman-6:5.6.0-14.el9_7.x86_64",
"product_id": "podman-6:5.6.0-14.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-14.el9_7?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-6:5.6.0-14.el9_7.x86_64",
"product": {
"name": "podman-plugins-6:5.6.0-14.el9_7.x86_64",
"product_id": "podman-plugins-6:5.6.0-14.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.6.0-14.el9_7?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-remote-6:5.6.0-14.el9_7.x86_64",
"product": {
"name": "podman-remote-6:5.6.0-14.el9_7.x86_64",
"product_id": "podman-remote-6:5.6.0-14.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.6.0-14.el9_7?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-tests-6:5.6.0-14.el9_7.x86_64",
"product": {
"name": "podman-tests-6:5.6.0-14.el9_7.x86_64",
"product_id": "podman-tests-6:5.6.0-14.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.6.0-14.el9_7?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"product": {
"name": "podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"product_id": "podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.6.0-14.el9_7?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product": {
"name": "podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product_id": "podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.6.0-14.el9_7?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product": {
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product_id": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.6.0-14.el9_7?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product": {
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product_id": "podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.6.0-14.el9_7?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product": {
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product_id": "podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.6.0-14.el9_7?arch=x86_64\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-6:5.6.0-14.el9_7.s390x",
"product": {
"name": "podman-6:5.6.0-14.el9_7.s390x",
"product_id": "podman-6:5.6.0-14.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.6.0-14.el9_7?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-6:5.6.0-14.el9_7.s390x",
"product": {
"name": "podman-plugins-6:5.6.0-14.el9_7.s390x",
"product_id": "podman-plugins-6:5.6.0-14.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.6.0-14.el9_7?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-remote-6:5.6.0-14.el9_7.s390x",
"product": {
"name": "podman-remote-6:5.6.0-14.el9_7.s390x",
"product_id": "podman-remote-6:5.6.0-14.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.6.0-14.el9_7?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-tests-6:5.6.0-14.el9_7.s390x",
"product": {
"name": "podman-tests-6:5.6.0-14.el9_7.s390x",
"product_id": "podman-tests-6:5.6.0-14.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.6.0-14.el9_7?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-6:5.6.0-14.el9_7.s390x",
"product": {
"name": "podman-debugsource-6:5.6.0-14.el9_7.s390x",
"product_id": "podman-debugsource-6:5.6.0-14.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.6.0-14.el9_7?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"product": {
"name": "podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"product_id": "podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.6.0-14.el9_7?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"product": {
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"product_id": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.6.0-14.el9_7?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"product": {
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"product_id": "podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.6.0-14.el9_7?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"product": {
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"product_id": "podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests-debuginfo@5.6.0-14.el9_7?arch=s390x\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-6:5.6.0-14.el9_7.noarch",
"product": {
"name": "podman-docker-6:5.6.0-14.el9_7.noarch",
"product_id": "podman-docker-6:5.6.0-14.el9_7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@5.6.0-14.el9_7?arch=noarch\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-6:5.6.0-14.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64"
},
"product_reference": "podman-6:5.6.0-14.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-6:5.6.0-14.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le"
},
"product_reference": "podman-6:5.6.0-14.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-6:5.6.0-14.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x"
},
"product_reference": "podman-6:5.6.0-14.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-6:5.6.0-14.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src"
},
"product_reference": "podman-6:5.6.0-14.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-6:5.6.0-14.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64"
},
"product_reference": "podman-6:5.6.0-14.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-6:5.6.0-14.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64"
},
"product_reference": "podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-6:5.6.0-14.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le"
},
"product_reference": "podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-6:5.6.0-14.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x"
},
"product_reference": "podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-6:5.6.0-14.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64"
},
"product_reference": "podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-6:5.6.0-14.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64"
},
"product_reference": "podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-6:5.6.0-14.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le"
},
"product_reference": "podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-6:5.6.0-14.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x"
},
"product_reference": "podman-debugsource-6:5.6.0-14.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-6:5.6.0-14.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64"
},
"product_reference": "podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-6:5.6.0-14.el9_7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch"
},
"product_reference": "podman-docker-6:5.6.0-14.el9_7.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-6:5.6.0-14.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64"
},
"product_reference": "podman-plugins-6:5.6.0-14.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-6:5.6.0-14.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le"
},
"product_reference": "podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-6:5.6.0-14.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x"
},
"product_reference": "podman-plugins-6:5.6.0-14.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-6:5.6.0-14.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64"
},
"product_reference": "podman-plugins-6:5.6.0-14.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64"
},
"product_reference": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x"
},
"product_reference": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64"
},
"product_reference": "podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-6:5.6.0-14.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64"
},
"product_reference": "podman-remote-6:5.6.0-14.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-6:5.6.0-14.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le"
},
"product_reference": "podman-remote-6:5.6.0-14.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-6:5.6.0-14.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x"
},
"product_reference": "podman-remote-6:5.6.0-14.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-6:5.6.0-14.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64"
},
"product_reference": "podman-remote-6:5.6.0-14.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64"
},
"product_reference": "podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le"
},
"product_reference": "podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x"
},
"product_reference": "podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64"
},
"product_reference": "podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-6:5.6.0-14.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64"
},
"product_reference": "podman-tests-6:5.6.0-14.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-6:5.6.0-14.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le"
},
"product_reference": "podman-tests-6:5.6.0-14.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-6:5.6.0-14.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x"
},
"product_reference": "podman-tests-6:5.6.0-14.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-6:5.6.0-14.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64"
},
"product_reference": "podman-tests-6:5.6.0-14.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64"
},
"product_reference": "podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le"
},
"product_reference": "podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x"
},
"product_reference": "podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
},
"product_reference": "podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. For this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:48:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3337"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. For these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:48:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3337"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:48:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3337"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:48:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3337"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.src",
"AppStream-9.7.0.Z.MAIN:podman-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-debugsource-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-docker-6:5.6.0-14.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-plugins-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-remote-debuginfo-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-6:5.6.0-14.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:podman-tests-debuginfo-6:5.6.0-14.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3340
Vulnerability from csaf_redhat - Published: 2026-02-25 12:16 - Updated: 2026-05-26 09:04

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix Workaround | |

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix | |

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64 | — | Vendor Fix fix | |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3340",
"url": "https://access.redhat.com/errata/RHSA-2026:3340"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3340.json"
}
],
"title": "Red Hat Security Advisory: skopeo security update",
"tracking": {
"current_release_date": "2026-05-26T09:04:37+00:00",
"generator": {
"date": "2026-05-26T09:04:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3340",
"initial_release_date": "2026-02-25T12:16:20+00:00",
"revision_history": [
{
"date": "2026-02-25T12:16:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-25T12:16:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el9_7.src",
"product": {
"name": "skopeo-2:1.20.0-3.el9_7.src",
"product_id": "skopeo-2:1.20.0-3.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el9_7?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el9_7.aarch64",
"product": {
"name": "skopeo-2:1.20.0-3.el9_7.aarch64",
"product_id": "skopeo-2:1.20.0-3.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el9_7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"product": {
"name": "skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"product_id": "skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.20.0-3.el9_7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"product_id": "skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.20.0-3.el9_7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"product_id": "skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.20.0-3.el9_7?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el9_7.ppc64le",
"product": {
"name": "skopeo-2:1.20.0-3.el9_7.ppc64le",
"product_id": "skopeo-2:1.20.0-3.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el9_7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"product": {
"name": "skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"product_id": "skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.20.0-3.el9_7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"product_id": "skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.20.0-3.el9_7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"product_id": "skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.20.0-3.el9_7?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el9_7.x86_64",
"product": {
"name": "skopeo-2:1.20.0-3.el9_7.x86_64",
"product_id": "skopeo-2:1.20.0-3.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el9_7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.20.0-3.el9_7.x86_64",
"product": {
"name": "skopeo-tests-2:1.20.0-3.el9_7.x86_64",
"product_id": "skopeo-tests-2:1.20.0-3.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.20.0-3.el9_7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"product_id": "skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.20.0-3.el9_7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"product_id": "skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.20.0-3.el9_7?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el9_7.s390x",
"product": {
"name": "skopeo-2:1.20.0-3.el9_7.s390x",
"product_id": "skopeo-2:1.20.0-3.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el9_7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.20.0-3.el9_7.s390x",
"product": {
"name": "skopeo-tests-2:1.20.0-3.el9_7.s390x",
"product_id": "skopeo-tests-2:1.20.0-3.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.20.0-3.el9_7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"product": {
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"product_id": "skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.20.0-3.el9_7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"product_id": "skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.20.0-3.el9_7?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64"
},
"product_reference": "skopeo-2:1.20.0-3.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le"
},
"product_reference": "skopeo-2:1.20.0-3.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x"
},
"product_reference": "skopeo-2:1.20.0-3.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src"
},
"product_reference": "skopeo-2:1.20.0-3.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64"
},
"product_reference": "skopeo-2:1.20.0-3.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x"
},
"product_reference": "skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.20.0-3.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.20.0-3.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64"
},
"product_reference": "skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.20.0-3.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le"
},
"product_reference": "skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.20.0-3.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x"
},
"product_reference": "skopeo-tests-2:1.20.0-3.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.20.0-3.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
},
"product_reference": "skopeo-tests-2:1.20.0-3.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T12:16:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3340"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T12:16:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3340"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T12:16:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3340"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:skopeo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debuginfo-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-debugsource-2:1.20.0-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:skopeo-tests-2:1.20.0-3.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3341
Vulnerability from csaf_redhat - Published: 2026-02-25 12:14 - Updated: 2026-05-26 09:04

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. \n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3341",
"url": "https://access.redhat.com/errata/RHSA-2026:3341"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3341.json"
}
],
"title": "Red Hat Security Advisory: containernetworking-plugins security update",
"tracking": {
"current_release_date": "2026-05-26T09:04:37+00:00",
"generator": {
"date": "2026-05-26T09:04:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3341",
"initial_release_date": "2026-02-25T12:14:45+00:00",
"revision_history": [
{
"date": "2026-02-25T12:14:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-25T12:14:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.src",
"product": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.src",
"product_id": "containernetworking-plugins-1:1.7.1-3.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.7.1-3.el9_7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"product": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"product_id": "containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.7.1-3.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"product_id": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.7.1-3.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"product_id": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.7.1-3.el9_7?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"product": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"product_id": "containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.7.1-3.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"product_id": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.7.1-3.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"product_id": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.7.1-3.el9_7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"product": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"product_id": "containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.7.1-3.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64",
"product_id": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.7.1-3.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"product_id": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.7.1-3.el9_7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"product": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"product_id": "containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.7.1-3.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"product_id": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.7.1-3.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"product_id": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.7.1-3.el9_7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64"
},
"product_reference": "containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le"
},
"product_reference": "containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x"
},
"product_reference": "containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src"
},
"product_reference": "containernetworking-plugins-1:1.7.1-3.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.7.1-3.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64"
},
"product_reference": "containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T12:14:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3341"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T12:14:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3341"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T12:14:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3341"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.src",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debuginfo-1:1.7.1-3.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:containernetworking-plugins-debugsource-1:1.7.1-3.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3343
Vulnerability from csaf_redhat - Published: 2026-02-25 11:50 - Updated: 2026-05-26 09:04

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix (fix); Workaround |

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix (fix) |

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64 | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x | — | | Vendor Fix: fix |
| Unresolved product id: AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64 | — | | Vendor Fix: fix |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3343",
"url": "https://access.redhat.com/errata/RHSA-2026:3343"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3343.json"
}
],
"title": "Red Hat Security Advisory: skopeo security update",
"tracking": {
"current_release_date": "2026-05-26T09:04:37+00:00",
"generator": {
"date": "2026-05-26T09:04:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3343",
"initial_release_date": "2026-02-25T11:50:40+00:00",
"revision_history": [
{
"date": "2026-02-25T11:50:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-25T11:50:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el10_1.src",
"product": {
"name": "skopeo-2:1.20.0-3.el10_1.src",
"product_id": "skopeo-2:1.20.0-3.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el10_1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el10_1.aarch64",
"product": {
"name": "skopeo-2:1.20.0-3.el10_1.aarch64",
"product_id": "skopeo-2:1.20.0-3.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el10_1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"product": {
"name": "skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"product_id": "skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.20.0-3.el10_1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"product_id": "skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.20.0-3.el10_1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"product_id": "skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.20.0-3.el10_1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el10_1.ppc64le",
"product": {
"name": "skopeo-2:1.20.0-3.el10_1.ppc64le",
"product_id": "skopeo-2:1.20.0-3.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el10_1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"product": {
"name": "skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"product_id": "skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.20.0-3.el10_1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"product_id": "skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.20.0-3.el10_1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"product_id": "skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.20.0-3.el10_1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el10_1.x86_64",
"product": {
"name": "skopeo-2:1.20.0-3.el10_1.x86_64",
"product_id": "skopeo-2:1.20.0-3.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el10_1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.20.0-3.el10_1.x86_64",
"product": {
"name": "skopeo-tests-2:1.20.0-3.el10_1.x86_64",
"product_id": "skopeo-tests-2:1.20.0-3.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.20.0-3.el10_1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"product_id": "skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.20.0-3.el10_1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"product_id": "skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.20.0-3.el10_1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.20.0-3.el10_1.s390x",
"product": {
"name": "skopeo-2:1.20.0-3.el10_1.s390x",
"product_id": "skopeo-2:1.20.0-3.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.20.0-3.el10_1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.20.0-3.el10_1.s390x",
"product": {
"name": "skopeo-tests-2:1.20.0-3.el10_1.s390x",
"product_id": "skopeo-tests-2:1.20.0-3.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.20.0-3.el10_1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"product": {
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"product_id": "skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.20.0-3.el10_1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"product_id": "skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.20.0-3.el10_1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64"
},
"product_reference": "skopeo-2:1.20.0-3.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le"
},
"product_reference": "skopeo-2:1.20.0-3.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x"
},
"product_reference": "skopeo-2:1.20.0-3.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src"
},
"product_reference": "skopeo-2:1.20.0-3.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.20.0-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64"
},
"product_reference": "skopeo-2:1.20.0-3.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x"
},
"product_reference": "skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.20.0-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.20.0-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64"
},
"product_reference": "skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.20.0-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le"
},
"product_reference": "skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.20.0-3.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x"
},
"product_reference": "skopeo-tests-2:1.20.0-3.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.20.0-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
},
"product_reference": "skopeo-tests-2:1.20.0-3.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:50:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3343"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:50:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3343"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T11:50:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3343"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.src",
"AppStream-10.1.Z:skopeo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debuginfo-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-debugsource-2:1.20.0-3.el10_1.x86_64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.aarch64",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.ppc64le",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.s390x",
"AppStream-10.1.Z:skopeo-tests-2:1.20.0-3.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3459
Vulnerability from csaf_redhat - Published: 2026-02-26 19:58 - Updated: 2026-05-26 09:04
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift distributed tracing platform (Tempo) 3.9.0 has been released",
"title": "Topic"
},
{
"category": "general",
"text": "This release of the Red Hat OpenShift distributed tracing platform (Tempo) provides new features, security improvements, and bug fixes.\n\n\nBreaking changes:\n\n* Nothing\n\n\nDeprecations:\n\n* Nothing\n\n\nTechnology Preview features:\n\n* Nothing\n\n\nEnhancements:\n\n* This release upgrades Tempo components to version 2.10.0, which improves TraceQL performance. Jira issue: https://issues.redhat.com/browse/TRACING-5944.\n\n* This update extends the `TempoStack` Custom Resource Definition (CRD) with a network policy option that enables the Operator to reconcile network policies among all components. This option is enabled by default. Jira issue: https://issues.redhat.com/browse/TRACING-5807.\n\n* This update adds support for overriding the Operator configuration by using environment variables. You can configure Operator settings through the `Subscription` custom resource of the Operator Lifecycle Manager (OLM) without modifying ConfigMaps. The `--config` flag remains available for custom configuration files if needed. Jira issue: https://issues.redhat.com/browse/TRACING-5745.\n\n* This update introduces the `size` field for `TempoStack` deployments, which provides predefined t-shirt size configurations. Instead of manually calculating CPU, memory, and storage for each component, you can select a size that matches your workload scale. The following sizes are available: `1x.demo`, `1x.pico`, `1x.extra-small`, `1x.small`, and `1x.medium`. This field is optional and existing configurations using `resources.total` or per-component overrides continue to work unchanged. Jira issue: https://issues.redhat.com/browse/TRACING-5376.\n\n* Improve TempoMonolithic memory usage. The Operator now automatically sets the `GOMEMLIMIT` soft memory limit for the Go garbage collector to 80% of the container memory limit for all Tempo components. This reduces the likelihood of out-of-memory terminations. 
Jira issue: https://issues.redhat.com/browse/TRACING-4554.\n\n* This update requires tenant configuration and an enabled gateway for `TempoStack` and `TempoMonolithic` instances. If you do not enable the gateway, the Operator displays a warning. For a `TempoStack` instance, enable the gateway by setting `.spec.template.gateway.enabled` to `true`. For a `TempoMonolithic` instance, the gateway is enabled automatically when any tenant is configured. `TempoStack` and `TempoMonolithic` instances without an enabled gateway are not supported. Jira ticket: https://issues.redhat.com/browse/TRACING-5750.\n\n* This release upgrades the Red Hat Universal Base Image (UBI) to version 9.\n\n\nBug fixes:\n\n* Fixed network policies for managed OpenShift services. Before this update, the Operator network policies used a hard-coded port 6443 for the API server. As a consequence, the Operator failed to connect to managed OpenShift services that expose the API on port 443. With this update, the Operator dynamically retrieves the control plane address from service endpoints. As a result, network policies work correctly on all OpenShift environments. Jira issue: https://issues.redhat.com/browse/TRACING-5974.\n\n* CVE-2025-61726: Before this update, a flaw existed in the `net/url` package in the Go standard library. As a consequence, a denial-of-service HTTP request with a massive number of query parameters could cause the application to consume an excessive amount of memory and eventually become unresponsive. This release eliminates this flaw. For more information, see https://access.redhat.com/security/cve/cve-2025-61726.\n\n* CVE-2025-61729: Before this update, the `HostnameError.Error()` function in the Go `crypto/x509` package used string concatenation in a loop without limiting the number of printed hostnames. As a consequence, processing a malicious certificate with many hostnames could cause excessive CPU and memory consumption, leading to a denial-of-service condition. 
This release includes the fix for this flaw. For more information, see https://access.redhat.com/security/cve/CVE-2025-61729.\n\n* CVE-2025-68121: Before this update, a flaw existed in the `crypto/tls` package in the Go standard library. As a consequence, during TLS session resumption, unauthorized clients or servers could bypass certificate validation if CA pools were mutated between handshakes. This release includes the fix for this flaw. For more information, see https://access.redhat.com/security/cve/CVE-2025-68121.\n\n\nKnown issues:\n\n* Gateway fails to forward OTLP HTTP traffic when receiver TLS is enabled. When Tempo Monolithic is configured with `multitenancy.enabled: true` and `ingestion.otlp.http.tls.enabled: true`, the gateway forwards OTLP HTTP traffic to the Tempo receiver using plain HTTP instead of HTTPS. As a consequence, the connection fails with a `connection reset by peer` error because the receiver expects TLS connections. OTLP gRPC ingestion through the gateway is not affected. Jira issue: https://issues.redhat.com/browse/TRACING-5973.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3459",
"url": "https://access.redhat.com/errata/RHSA-2026:3459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3459.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.0 release",
"tracking": {
"current_release_date": "2026-05-26T09:04:40+00:00",
"generator": {
"date": "2026-05-26T09:04:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:3459",
"initial_release_date": "2026-02-26T19:58:40+00:00",
"revision_history": [
{
"date": "2026-02-26T19:58:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-26T19:58:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:04:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.9.3",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256%3A90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771847684"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3Af406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3A8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843277"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3Acd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843135"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3Adc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843096"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3A64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843085"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3Adf88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843082"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3A5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3Ada4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843277"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3Aa03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843135"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3A836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843096"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3Acee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843085"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3A2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843082"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3A16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3A4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843277"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3Afc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843135"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3A0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843096"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3A52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843085"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3A3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843082"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel9@sha256%3A76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel9@sha256%3Ac90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843277"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel9@sha256%3Abfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843135"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9-operator@sha256%3Aecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843096"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel9@sha256%3A0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843085"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel9@sha256%3Ac665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771843082"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T19:58:40+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3459"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T19:58:40+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3459"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T19:58:40+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3459"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:a03e51634b01763f1f4ef7d74c1927919430d1fa1e4c37de3e1541b7dcf07b7c_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:bfce7a25f48e52508ea06d5cbfa2713ba34001108d1300fa997278b8adbd602a_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:cd55f3750867fa478f118f6f24cc34ab1778a29b3e46665408874d945df7dab9_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel9@sha256:fc56b8131efe2bd94900d237b8cedf72ddc917e269c9a8277852cb3eeb65aa50_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:16060709000e2eadd2a67e70c07169673d8a5dd17e2a0c3773f00f2ed70a2387_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:5d876965288712d82ad017e5838ca5b9c4fa507c8c7c14ceb404a020113d8396_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:76a0a2fba9632bd614adc12eb35df686f2502c71cfdbf699a1c3d2bb62871d29_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-gateway-rhel9@sha256:f406407af8056cdf664bc525ca91dba35cb047f57b6072c0611567b9d52639a7_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:4d8aacf31e9e78db9aa8f9722e89c1999da5033b9e6716c3853845cc3b1e06f5_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:8fd5701262304469820b1103a5aefbd5a63200bbb106cd81e1f402548812a932_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:c90c7540ee2549fa430f5fd42b7e2a6183e0027fa11514151496b56e235b610c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel9@sha256:da4e907fcbb808128b23afd41d4651555dcff11db2e361adc1bfac1f231db4aa_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:90d1a71febb6cac99b64fc4863bcb66b11aa18c30dad93b244aca3290c3574e0_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:0bf8e0ac0183cc9c0bb8011261945562fc848f92083770f009babf55a76d97aa_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:52f9517cb0d07549162a971c4969fe1319a2fb287135f54e1344065ef516883d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:64493ed24c50692ef9cd6150737102d98ae120b6dba1599fdd6f13dff4c783a3_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-query-rhel9@sha256:cee195d4549093a1d9d161b243a1373368560f8bd578a57e5e2f5a2239801b99_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:0acc5e1a59997d41552c51e2be79e7f40c8b91a2ee55d7c1efc9e0cd7960de9a_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:836fe86ff3d2beeedfb4eeea334e06f971a216fe903b846a1186c2fb77024b45_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:dc6eb4ba236ba188753f3c44134e76b95b56d3f6c85a05dc298885da72c0a8dd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9-operator@sha256:ecf05fcb9614dfaab20783e9218f418497eaddd42b0d51a32a8034c52070376e_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:2c607d3ab16a5576481d060c5022a60aded5105169b44a02036fa6f37a169953_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:3012a6730ca532de4dc6d524279e9c9f04b69afeaec81c3fc2df43bfc1c888b7_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:c665ee88b56ebe02f4d2260262bb044647d900a17958ac9dae3932d240ceac09_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/tempo-rhel9@sha256:df88c2ddadcc28f76718d9965867aa4bcfb55d8b891184b54755e4d1be68ebd1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.