Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-68121 (GCVE-0-2025-68121)
Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-04-29 13:29
VLAI
EPSS
Title
Unexpected session resumption in crypto/tls
Summary
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Severity
9.1 (Critical)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/tls |
Affected:
0 , < 1.24.13
(semver)
Affected: 1.25.0-0 , < 1.25.7 (semver) Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver) |
Credits
Coia Prant (github.com/rbqvq)
Go Security Team
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-68121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T03:55:46.305385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T13:29:25.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/tls",
"product": "crypto/tls",
"programRoutines": [
{
"name": "Conn.handshakeContext"
},
{
"name": "Conn.Handshake"
},
{
"name": "Conn.HandshakeContext"
},
{
"name": "Conn.Read"
},
{
"name": "Conn.Write"
},
{
"name": "Dial"
},
{
"name": "DialWithDialer"
},
{
"name": "Dialer.Dial"
},
{
"name": "Dialer.DialContext"
},
{
"name": "QUICConn.Start"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.13",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.7",
"status": "affected",
"version": "1.25.0-0",
"versionType": "semver"
},
{
"lessThan": "1.26.0-rc.3",
"status": "affected",
"version": "1.26.0-rc.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Coia Prant (github.com/rbqvq)"
},
{
"lang": "en",
"value": "Go Security Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-295: Improper Certificate Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T17:48:44.141Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"url": "https://go.dev/cl/737700"
},
{
"url": "https://go.dev/issue/77217"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"title": "Unexpected session resumption in crypto/tls"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-68121",
"datePublished": "2026-02-05T17:48:44.141Z",
"dateReserved": "2025-12-15T16:48:04.451Z",
"dateUpdated": "2026-04-29T13:29:25.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-68121",
"date": "2026-05-25",
"epss": "0.00018",
"percentile": "0.04801"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-68121\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-02-05T18:16:10.857\",\"lastModified\":\"2026-04-29T14:16:16.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"},{\"lang\":\"es\",\"value\":\"Durante la reanudaci\u00f3n de la sesi\u00f3n en crypto/tls, si la Config subyacente tiene sus campos ClientCAs o RootCAs mutados entre el handshake inicial y el handshake reanudado, el handshake reanudado puede tener \u00e9xito cuando deber\u00eda haber fallado. Esto puede ocurrir cuando un usuario llama a Config.Clone y muta la Config devuelta, o usa Config.GetConfigForClient. Esto puede hacer que un cliente reanude una sesi\u00f3n con un servidor con el que no la habr\u00eda reanudado durante el handshake inicial, o hacer que un servidor reanude una sesi\u00f3n con un cliente con el que no la habr\u00eda reanudado durante el handshake inicial.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.13\",\"matchCriteriaId\":\"9FEE539A-EDC2-4044-A38C-5A0FDF567509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.7\",\"matchCriteriaId\":\"B275853C-E253-485B-B469-31D1A7383965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E529A0EC-B944-4E2F-B26A-2A9F31AFF240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"553D6D90-140E-4A54-86A3-00E66AC30F3C\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/737700\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/77217\",\"source\":\"security@golang.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4337\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-29T03:55:46.305385Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-06T15:32:38.457Z\"}}], \"cna\": {\"title\": \"Unexpected session resumption in crypto/tls\", \"credits\": [{\"lang\": \"en\", \"value\": \"Coia Prant (github.com/rbqvq)\"}, {\"lang\": \"en\", \"value\": \"Go Security Team\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/tls\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.13\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0-0\", \"lessThan\": \"1.25.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-rc.1\", \"lessThan\": \"1.26.0-rc.3\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/tls\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Conn.handshakeContext\"}, {\"name\": \"Conn.Handshake\"}, {\"name\": \"Conn.HandshakeContext\"}, {\"name\": \"Conn.Read\"}, {\"name\": \"Conn.Write\"}, {\"name\": \"Dial\"}, {\"name\": \"DialWithDialer\"}, {\"name\": \"Dialer.Dial\"}, {\"name\": \"Dialer.DialContext\"}, {\"name\": \"QUICConn.Start\"}]}], \"references\": [{\"url\": \"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\"}, {\"url\": \"https://go.dev/cl/737700\"}, {\"url\": \"https://go.dev/issue/77217\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4337\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-02-05T17:48:44.141Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-68121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-29T13:29:25.582Z\", \"dateReserved\": \"2025-12-15T16:48:04.451Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-02-05T17:48:44.141Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:4892
Vulnerability from csaf_redhat - Published: 2026-03-18 08:06 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: rhc security update
Severity
Important
Notes
Topic: An update for rhc is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4892",
"url": "https://access.redhat.com/errata/RHSA-2026:4892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4892.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-05-26T09:05:24+00:00",
"generator": {
"date": "2026-05-26T09:05:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:4892",
"initial_release_date": "2026-03-18T08:06:26+00:00",
"revision_history": [
{
"date": "2026-03-18T08:06:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T08:06:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.4-2.el10_1.src",
"product": {
"name": "rhc-1:0.3.4-2.el10_1.src",
"product_id": "rhc-1:0.3.4-2.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.4-2.el10_1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.4-2.el10_1.aarch64",
"product": {
"name": "rhc-1:0.3.4-2.el10_1.aarch64",
"product_id": "rhc-1:0.3.4-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.4-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"product": {
"name": "rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"product_id": "rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.4-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"product_id": "rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.4-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.4-2.el10_1.ppc64le",
"product": {
"name": "rhc-1:0.3.4-2.el10_1.ppc64le",
"product_id": "rhc-1:0.3.4-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.4-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"product_id": "rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.4-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"product_id": "rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.4-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.4-2.el10_1.s390x",
"product": {
"name": "rhc-1:0.3.4-2.el10_1.s390x",
"product_id": "rhc-1:0.3.4-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.4-2.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"product": {
"name": "rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"product_id": "rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.4-2.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"product": {
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"product_id": "rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.4-2.el10_1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.4-2.el10_1.x86_64",
"product": {
"name": "rhc-1:0.3.4-2.el10_1.x86_64",
"product_id": "rhc-1:0.3.4-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.4-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.4-2.el10_1.x86_64",
"product": {
"name": "rhc-debugsource-1:0.3.4-2.el10_1.x86_64",
"product_id": "rhc-debugsource-1:0.3.4-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.4-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"product_id": "rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.4-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.4-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64"
},
"product_reference": "rhc-1:0.3.4-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.4-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le"
},
"product_reference": "rhc-1:0.3.4-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.4-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x"
},
"product_reference": "rhc-1:0.3.4-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.4-2.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src"
},
"product_reference": "rhc-1:0.3.4-2.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.4-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64"
},
"product_reference": "rhc-1:0.3.4-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x"
},
"product_reference": "rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.4-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.4-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64"
},
"product_reference": "rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.4-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.4-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x"
},
"product_reference": "rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.4-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
},
"product_reference": "rhc-debugsource-1:0.3.4-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T08:06:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4892"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T08:06:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4892"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T08:06:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4892"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.src",
"AppStream-10.1.Z:rhc-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debuginfo-1:0.3.4-2.el10_1.x86_64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.aarch64",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.ppc64le",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.s390x",
"AppStream-10.1.Z:rhc-debugsource-1:0.3.4-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:4901
Vulnerability from csaf_redhat - Published: 2026-03-18 11:07 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: rhc security update
Severity
Important
Notes
Topic: An update for rhc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4901",
"url": "https://access.redhat.com/errata/RHSA-2026:4901"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4901.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-05-26T09:05:25+00:00",
"generator": {
"date": "2026-05-26T09:05:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:4901",
"initial_release_date": "2026-03-18T11:07:06+00:00",
"revision_history": [
{
"date": "2026-03-18T11:07:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T11:07:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-2.el9_7.src",
"product": {
"name": "rhc-1:0.2.7-2.el9_7.src",
"product_id": "rhc-1:0.2.7-2.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-2.el9_7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-2.el9_7.aarch64",
"product": {
"name": "rhc-1:0.2.7-2.el9_7.aarch64",
"product_id": "rhc-1:0.2.7-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-2.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"product": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"product_id": "rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-2.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"product_id": "rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-2.el9_7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-2.el9_7.aarch64",
"product": {
"name": "rhc-devel-1:0.2.7-2.el9_7.aarch64",
"product_id": "rhc-devel-1:0.2.7-2.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-2.el9_7?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-2.el9_7.ppc64le",
"product": {
"name": "rhc-1:0.2.7-2.el9_7.ppc64le",
"product_id": "rhc-1:0.2.7-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-2.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"product_id": "rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-2.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"product_id": "rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-2.el9_7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"product": {
"name": "rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"product_id": "rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-2.el9_7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-2.el9_7.x86_64",
"product": {
"name": "rhc-1:0.2.7-2.el9_7.x86_64",
"product_id": "rhc-1:0.2.7-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-2.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"product": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"product_id": "rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-2.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"product_id": "rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-2.el9_7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-2.el9_7.x86_64",
"product": {
"name": "rhc-devel-1:0.2.7-2.el9_7.x86_64",
"product_id": "rhc-devel-1:0.2.7-2.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-2.el9_7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-2.el9_7.s390x",
"product": {
"name": "rhc-1:0.2.7-2.el9_7.s390x",
"product_id": "rhc-1:0.2.7-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-2.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"product": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"product_id": "rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-2.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"product": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"product_id": "rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-2.el9_7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-2.el9_7.s390x",
"product": {
"name": "rhc-devel-1:0.2.7-2.el9_7.s390x",
"product_id": "rhc-devel-1:0.2.7-2.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-2.el9_7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64"
},
"product_reference": "rhc-devel-1:0.2.7-2.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le"
},
"product_reference": "rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-2.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x"
},
"product_reference": "rhc-devel-1:0.2.7-2.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
},
"product_reference": "rhc-devel-1:0.2.7-2.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.aarch64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.ppc64le",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.s390x",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.src",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64"
},
"product_reference": "rhc-1:0.2.7-2.el9_7.x86_64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-2.el9_7.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64"
},
"product_reference": "rhc-devel-1:0.2.7-2.el9_7.aarch64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-2.el9_7.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le"
},
"product_reference": "rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-2.el9_7.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x"
},
"product_reference": "rhc-devel-1:0.2.7-2.el9_7.s390x",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-2.el9_7.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
},
"product_reference": "rhc-devel-1:0.2.7-2.el9_7.x86_64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T11:07:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4901"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T11:07:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4901"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T11:07:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4901"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"AppStream-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.src",
"CRB-9.7.0.Z.MAIN:rhc-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debuginfo-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-debugsource-1:0.2.7-2.el9_7.x86_64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.aarch64",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.ppc64le",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.s390x",
"CRB-9.7.0.Z.MAIN:rhc-devel-1:0.2.7-2.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:4907
Vulnerability from csaf_redhat - Published: 2026-03-18 10:44 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: rhc security update
Severity
Important
Notes
Topic: An update for rhc is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4907",
"url": "https://access.redhat.com/errata/RHSA-2026:4907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4907.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-05-26T09:05:25+00:00",
"generator": {
"date": "2026-05-26T09:05:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:4907",
"initial_release_date": "2026-03-18T10:44:01+00:00",
"revision_history": [
{
"date": "2026-03-18T10:44:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T10:44:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-2.el10_0.src",
"product": {
"name": "rhc-1:0.3.2-2.el10_0.src",
"product_id": "rhc-1:0.3.2-2.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-2.el10_0?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-2.el10_0.aarch64",
"product": {
"name": "rhc-1:0.3.2-2.el10_0.aarch64",
"product_id": "rhc-1:0.3.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"product": {
"name": "rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"product_id": "rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"product_id": "rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-2.el10_0.ppc64le",
"product": {
"name": "rhc-1:0.3.2-2.el10_0.ppc64le",
"product_id": "rhc-1:0.3.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"product_id": "rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"product_id": "rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-2.el10_0.s390x",
"product": {
"name": "rhc-1:0.3.2-2.el10_0.s390x",
"product_id": "rhc-1:0.3.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"product": {
"name": "rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"product_id": "rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"product": {
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"product_id": "rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-2.el10_0.x86_64",
"product": {
"name": "rhc-1:0.3.2-2.el10_0.x86_64",
"product_id": "rhc-1:0.3.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.2-2.el10_0.x86_64",
"product": {
"name": "rhc-debugsource-1:0.3.2-2.el10_0.x86_64",
"product_id": "rhc-debugsource-1:0.3.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"product_id": "rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64"
},
"product_reference": "rhc-1:0.3.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le"
},
"product_reference": "rhc-1:0.3.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x"
},
"product_reference": "rhc-1:0.3.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-2.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src"
},
"product_reference": "rhc-1:0.3.2-2.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64"
},
"product_reference": "rhc-1:0.3.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x"
},
"product_reference": "rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64"
},
"product_reference": "rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x"
},
"product_reference": "rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
},
"product_reference": "rhc-debugsource-1:0.3.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T10:44:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4907"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T10:44:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4907"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T10:44:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4907"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:4942
Vulnerability from csaf_redhat - Published: 2026-03-18 16:21 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: Red Hat Quay 3.12.15
Severity
Important
Notes
Topic: Red Hat Quay 3.12.15 is now available with bug fixes.
Details: Quay 3.12.15
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Threats
Impact
Moderate
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Workaround
|
Threats
Impact
Important
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Threats
Impact
Moderate
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 | — |
Workaround
|
Threats
Impact
Important
References
90 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.15 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.15",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4942",
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4942.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.15",
"tracking": {
"current_release_date": "2026-05-26T09:05:27+00:00",
"generator": {
"date": "2026-05-26T09:05:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:4942",
"initial_release_date": "2026-03-18T16:21:15+00:00",
"revision_history": [
{
"date": "2026-03-18T16:21:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-22T07:19:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773766026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772132933"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Af4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773775889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Add1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
RHSA-2026:4952
Vulnerability from csaf_redhat - Published: 2026-03-18 21:13 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: rhc security update
Severity
Important
Notes
Topic: An update for rhc is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4952",
"url": "https://access.redhat.com/errata/RHSA-2026:4952"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4952.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-05-26T09:05:27+00:00",
"generator": {
"date": "2026-05-26T09:05:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:4952",
"initial_release_date": "2026-03-18T21:13:13+00:00",
"revision_history": [
{
"date": "2026-03-18T21:13:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T21:13:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.5-4.el8_10.src",
"product": {
"name": "rhc-1:0.2.5-4.el8_10.src",
"product_id": "rhc-1:0.2.5-4.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.5-4.el8_10?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.5-4.el8_10.aarch64",
"product": {
"name": "rhc-1:0.2.5-4.el8_10.aarch64",
"product_id": "rhc-1:0.2.5-4.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.5-4.el8_10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"product": {
"name": "rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"product_id": "rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.5-4.el8_10?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"product_id": "rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.5-4.el8_10?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.5-4.el8_10.ppc64le",
"product": {
"name": "rhc-1:0.2.5-4.el8_10.ppc64le",
"product_id": "rhc-1:0.2.5-4.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.5-4.el8_10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"product_id": "rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.5-4.el8_10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"product_id": "rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.5-4.el8_10?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.5-4.el8_10.x86_64",
"product": {
"name": "rhc-1:0.2.5-4.el8_10.x86_64",
"product_id": "rhc-1:0.2.5-4.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.5-4.el8_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.5-4.el8_10.x86_64",
"product": {
"name": "rhc-debugsource-1:0.2.5-4.el8_10.x86_64",
"product_id": "rhc-debugsource-1:0.2.5-4.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.5-4.el8_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"product_id": "rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.5-4.el8_10?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.5-4.el8_10.s390x",
"product": {
"name": "rhc-1:0.2.5-4.el8_10.s390x",
"product_id": "rhc-1:0.2.5-4.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.5-4.el8_10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"product": {
"name": "rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"product_id": "rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.5-4.el8_10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"product": {
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"product_id": "rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.5-4.el8_10?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.5-4.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64"
},
"product_reference": "rhc-1:0.2.5-4.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.5-4.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le"
},
"product_reference": "rhc-1:0.2.5-4.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.5-4.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x"
},
"product_reference": "rhc-1:0.2.5-4.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.5-4.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src"
},
"product_reference": "rhc-1:0.2.5-4.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.5-4.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64"
},
"product_reference": "rhc-1:0.2.5-4.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.5-4.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.5-4.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.5-4.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.5-4.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.5-4.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.5-4.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T21:13:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4952"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T21:13:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T21:13:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debuginfo-1:0.2.5-4.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:rhc-debugsource-1:0.2.5-4.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5077
Vulnerability from csaf_redhat - Published: 2026-03-19 23:49 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: rhc security update
Severity
Important
Notes
Topic: An update for rhc is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5077",
"url": "https://access.redhat.com/errata/RHSA-2026:5077"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5077.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-05-26T09:05:29+00:00",
"generator": {
"date": "2026-05-26T09:05:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:5077",
"initial_release_date": "2026-03-19T23:49:18+00:00",
"revision_history": [
{
"date": "2026-03-19T23:49:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T23:49:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.src",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.src",
"product_id": "rhc-1:0.2.7-1.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.aarch64",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.aarch64",
"product_id": "rhc-1:0.2.7-1.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"product": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"product_id": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-1.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"product_id": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-1.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"product": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"product_id": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-1.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.ppc64le",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.ppc64le",
"product_id": "rhc-1:0.2.7-1.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"product_id": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-1.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"product_id": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-1.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"product": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"product_id": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-1.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.x86_64",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.x86_64",
"product_id": "rhc-1:0.2.7-1.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"product": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"product_id": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-1.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"product_id": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-1.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"product": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"product_id": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-1.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.s390x",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.s390x",
"product_id": "rhc-1:0.2.7-1.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"product": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"product_id": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-1.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"product": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"product_id": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-1.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"product": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"product_id": "rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-1.el9_6.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.src as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.src",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T23:49:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5077"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T23:49:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5077"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T23:49:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5077"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"CRB-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5110
Vulnerability from csaf_redhat - Published: 2026-03-19 10:27 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: Multicluster Global Hub 1.5.4 security update
Severity
Important
Notes
Topic: Multicluster Global Hub v1.5.4 general availability release images, which provide security fixes, bug fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Threats
Impact
Moderate
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
64 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.5.4 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5110",
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27571",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5110.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.5.4 security update",
"tracking": {
"current_release_date": "2026-05-26T09:05:30+00:00",
"generator": {
"date": "2026-05-26T09:05:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:5110",
"initial_release_date": "2026-03-19T10:27:09+00:00",
"revision_history": [
{
"date": "2026-03-19T10:27:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T10:27:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.5.4",
"product": {
"name": "Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ad28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Aa57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Aadfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650749"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773652587"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Aecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649705"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Aa10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650749"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Ad13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649705"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Acc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650749"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Ab8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649705"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Af8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Ac045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650749"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Abace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649705"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27571",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-24T17:04:11.684134+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442401"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: WebSockets pre-auth memory DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not require valid NATS credentials to be exploited as the use of compression is negotiated before the authentication process. However, only deployments using WebSockets and that are exposed to untrusted network endpoints are vulnerable to this issue, limiting its exposure. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "RHBZ#2442401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27571",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27571"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017",
"url": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw"
}
],
"release_date": "2026-02-24T15:59:17.926000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: WebSockets pre-auth memory DoS"
}
]
}
RHSA-2026:5129
Vulnerability from csaf_redhat - Published: 2026-03-19 14:08 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: Kiali 2.4.14 for Red Hat OpenShift Service Mesh 3.0
Severity
Important
Notes
Topic: Kiali 2.4.14 for Red Hat OpenShift Service Mesh 3.0
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Kiali 2.4.14, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.
Security Fix(es):
* kiali-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* kiali-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x | — |
Threats
Impact
Moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.4.14 for Red Hat OpenShift Service Mesh 3.0\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.4.14, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* kiali-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5129",
"url": "https://access.redhat.com/errata/RHSA-2026:5129"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5129.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.4.14 for Red Hat OpenShift Service Mesh 3.0",
"tracking": {
"current_release_date": "2026-05-26T09:05:31+00:00",
"generator": {
"date": "2026-05-26T09:05:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:5129",
"initial_release_date": "2026-03-19T14:08:51+00:00",
"revision_history": [
{
"date": "2026-03-19T14:08:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T14:08:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059698"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059698"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059698"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ad0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059698"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:08:51+00:00",
"details": "See Kiali 2.4.14 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5129"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:08:51+00:00",
"details": "See Kiali 2.4.14 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5129"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:31fcf6c64980c5f5aae31bcefefa390a06f9a9d78478c3768d1d29406cfaf2f9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:868bee43c5aa1a6f1bd7679ee99f8a420bc55e448c74252342aa85d1719114be_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:91547f3f22d7b9ed334601ae056f2322e555633af9fb71da44b8102bbf7719ca_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d0d96c1ff664e73bab184017898c7119481c00bab8ac98e971ba9677cf98c579_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:446cce7b07e107aeac66e4ac3e74e41e0f1e952f9de2fbf49069500899e4e533_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:541f3c997549509601e29a3baad7afdf189190f45f0da3543bd2c19763b801cd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6eb41fcb4690319f7f8433d1d83a00c75251d96124a249512e877f0b58b17b23_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7727fa1a840330b7a24ba8f291924b3670a8ec7cac16a13e9268109f777a8150_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5130
Vulnerability from csaf_redhat - Published: 2026-03-19 14:08 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: Kiali 2.17.5 for Red Hat OpenShift Service Mesh 3.2
Severity
Important
Notes
Topic: Kiali 2.17.5 for Red Hat OpenShift Service Mesh 3.2
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Kiali 2.17.5, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.
Security Fix(es):
* kiali-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* kiali-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le | — |
Threats
Impact
Moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.17.5 for Red Hat OpenShift Service Mesh 3.2\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.17.5, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* kiali-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5130",
"url": "https://access.redhat.com/errata/RHSA-2026:5130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5130.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.17.5 for Red Hat OpenShift Service Mesh 3.2",
"tracking": {
"current_release_date": "2026-05-26T09:05:31+00:00",
"generator": {
"date": "2026-05-26T09:05:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:5130",
"initial_release_date": "2026-03-19T14:08:59+00:00",
"revision_history": [
{
"date": "2026-03-19T14:08:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T14:09:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Af7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060306"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773067294"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Abae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060306"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773067294"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ab12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060306"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773067294"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060306"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773067294"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:08:59+00:00",
"details": "See Kiali 2.17.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5130"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:08:59+00:00",
"details": "See Kiali 2.17.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5130"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:4f0d6107986e9d5e938a7e91167d07101271d6888edaf928a2e3bb7f8fc1329c_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:55bae2098ea48527447b5c2ec1c7097be824c995efbe3965d8f0062df213f353_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64455f263717b320daa11658c69fadf653dca717011bf99a311fc40f539909bc_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:90c9e53707dab0ab5d459c831c7261c44a34e30010a456f6b7d4aa941e945567_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36b721aa3905d1968d59ac8c7b7a94452a789ec3b6421e42f0b9f02cac510a93_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b12f2c95748fe15693f868f504c583fddd6a70eb158061b2f924d360ac5e2b34_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bae8264c3e4095670361ed400dc82020782ba8117a58a738b09d21c49ec348d9_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f7958a05b7f26028bea2790065f5acc00f28e13501919b5ab66074fabf3e04c1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5131
Vulnerability from csaf_redhat - Published: 2026-03-19 14:08 - Updated: 2026-05-26 09:05Summary
Red Hat Security Advisory: Kiali 2.11.8 for Red Hat OpenShift Service Mesh 3.1
Severity
Important
Notes
Topic: Kiali 2.11.8 for Red Hat OpenShift Service Mesh 3.1
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Kiali 2.11.8, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.
Security Fix(es):
* kiali-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* kiali-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64 | — |
Threats
Impact
Moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.11.8 for Red Hat OpenShift Service Mesh 3.1\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.11.8, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* kiali-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5131",
"url": "https://access.redhat.com/errata/RHSA-2026:5131"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5131.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.11.8 for Red Hat OpenShift Service Mesh 3.1",
"tracking": {
"current_release_date": "2026-05-26T09:05:31+00:00",
"generator": {
"date": "2026-05-26T09:05:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:5131",
"initial_release_date": "2026-03-19T14:08:55+00:00",
"revision_history": [
{
"date": "2026-03-19T14:08:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T14:09:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:05:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060068"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Acb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060068"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aaa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060068"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ae48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aaa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773060068"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:08:55+00:00",
"details": "See Kiali 2.11.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5131"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:08:55+00:00",
"details": "See Kiali 2.11.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5131"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1454f58ab00a466be972c9fb8b25524a969e1a196d5770864e0d8a712ec5a13c_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa26823292475d756abc269fae2299e9efec5a00c723a6d556915839a7fb4b11_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:aa296799ebe885ac5d29aca2a1794204eb97cf6748a02cfe75632aae173ebe50_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cb3b7b9f73df5e57ec9e56ba8aa3ab648331694855a3efab5db402cb74d17e34_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:110c2d89711dc09ef64ab194997710fa9fcb425ce98567366cedbec8385348d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1ea4ceadb3c16b2819de87a361c2963ba5221eb487c383a38f571c2cb4621669_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:8a0cd7af8acc148468fe8ac718e0d80687e6c59372f0e3f87393a72482fc1277_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e48de806d43e401584c78ae25691b9edf4a93396fa3ed459e403282f95564a56_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…