Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32281 (GCVE-0-2026-32281)
Vulnerability from cvelistv5 – Published: 2026-04-08 01:06 – Updated: 2026-04-13 18:19- CWE-407 - Inefficient Algorithmic Complexity
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
0 , < 1.25.9
(semver)
Affected: 1.26.0-0 , < 1.26.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-32281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T17:52:37.734298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T18:19:44.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "policiesValid"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.2",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek - https://ciolek.dev"
}
],
"descriptions": [
{
"lang": "en",
"value": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-407: Inefficient Algorithmic Complexity",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T01:06:58.354Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/758061"
},
{
"url": "https://go.dev/issue/78281"
},
{
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"title": "Inefficient policy validation in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-32281",
"datePublished": "2026-04-08T01:06:58.354Z",
"dateReserved": "2026-03-11T16:38:46.556Z",
"dateUpdated": "2026-04-13T18:19:44.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-32281",
"date": "2026-07-13",
"epss": "0.00349",
"percentile": "0.27015"
},
"microsoft_vex": {
"current_release_date": "2026-06-23T14:43:31.000Z",
"cve": "CVE-2026-32281",
"id": "msrc_CVE-2026-32281",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"product_status:known_affected": "7",
"product_status:known_not_affected": "8",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Inefficient policy validation in crypto/x509",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-32281.json",
"version": "6"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32281\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-04-08T02:16:03.350\",\"lastModified\":\"2026-06-17T10:35:28.980\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"policiesValid\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.25.9\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.26.0-0\",\"lessThan\":\"1.26.2\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-13T17:52:37.734298Z\",\"id\":\"CVE-2026-32281\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.25.9\",\"matchCriteriaId\":\"C6C9C072-9817-402D-877F-F83584B07017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.26.0\",\"versionEndExcluding\":\"1.26.2\",\"matchCriteriaId\":\"39FE9BAF-55E9-43AA-B14E-239E7EF1D65D\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/758061\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/78281\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4946\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-07-13T17:31:43+00:00",
"cve": "CVE-2026-32281",
"id": "CVE-2026-32281",
"initial_release_date": "2026-04-08T01:06:58.354000+00:00",
"product_status:fixed": "1123",
"product_status:known_affected": "261",
"product_status:known_not_affected": "1104",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32281.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32281\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-13T17:52:37.734298Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-13T17:52:33.394Z\"}}], \"cna\": {\"title\": \"Inefficient policy validation in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Jakub Ciolek - https://ciolek.dev\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.25.9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-0\", \"lessThan\": \"1.26.2\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"policiesValid\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/758061\"}, {\"url\": \"https://go.dev/issue/78281\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4946\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-407: Inefficient Algorithmic Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-04-08T01:06:58.354Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32281\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-13T18:19:44.779Z\", \"dateReserved\": \"2026-03-11T16:38:46.556Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-04-08T01:06:58.354Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:27711
Vulnerability from csaf_redhat - Published: 2026-06-22 02:03 - Updated: 2026-07-13 17:31A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27711",
"url": "https://access.redhat.com/errata/RHSA-2026:27711"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27711.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-07-13T17:31:57+00:00",
"generator": {
"date": "2026-07-13T17:31:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:27711",
"initial_release_date": "2026-06-22T02:03:31+00:00",
"revision_history": [
{
"date": "2026-06-22T02:03:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T02:03:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T17:31:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-8.el10_0.src",
"product": {
"name": "osbuild-composer-0:134.1-8.el10_0.src",
"product_id": "osbuild-composer-0:134.1-8.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-8.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-8.el10_0.aarch64",
"product": {
"name": "osbuild-composer-0:134.1-8.el10_0.aarch64",
"product_id": "osbuild-composer-0:134.1-8.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-8.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-8.el10_0.aarch64",
"product": {
"name": "osbuild-composer-core-0:134.1-8.el10_0.aarch64",
"product_id": "osbuild-composer-core-0:134.1-8.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-8.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-8.el10_0.aarch64",
"product": {
"name": "osbuild-composer-worker-0:134.1-8.el10_0.aarch64",
"product_id": "osbuild-composer-worker-0:134.1-8.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-8.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64",
"product_id": "osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-8.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-8.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-8.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-8.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-8.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-0:134.1-8.el10_0.ppc64le",
"product_id": "osbuild-composer-0:134.1-8.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-8.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-8.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-core-0:134.1-8.el10_0.ppc64le",
"product_id": "osbuild-composer-core-0:134.1-8.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-8.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-8.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:134.1-8.el10_0.ppc64le",
"product_id": "osbuild-composer-worker-0:134.1-8.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-8.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le",
"product_id": "osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-8.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-8.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-8.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-8.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-8.el10_0.s390x",
"product": {
"name": "osbuild-composer-0:134.1-8.el10_0.s390x",
"product_id": "osbuild-composer-0:134.1-8.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-8.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-8.el10_0.s390x",
"product": {
"name": "osbuild-composer-core-0:134.1-8.el10_0.s390x",
"product_id": "osbuild-composer-core-0:134.1-8.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-8.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-8.el10_0.s390x",
"product": {
"name": "osbuild-composer-worker-0:134.1-8.el10_0.s390x",
"product_id": "osbuild-composer-worker-0:134.1-8.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-8.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.s390x",
"product_id": "osbuild-composer-debugsource-0:134.1-8.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-8.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-8.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-8.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-8.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-8.el10_0.x86_64",
"product": {
"name": "osbuild-composer-0:134.1-8.el10_0.x86_64",
"product_id": "osbuild-composer-0:134.1-8.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-8.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-8.el10_0.x86_64",
"product": {
"name": "osbuild-composer-core-0:134.1-8.el10_0.x86_64",
"product_id": "osbuild-composer-core-0:134.1-8.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-8.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-8.el10_0.x86_64",
"product": {
"name": "osbuild-composer-worker-0:134.1-8.el10_0.x86_64",
"product_id": "osbuild-composer-worker-0:134.1-8.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-8.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64",
"product_id": "osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-8.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-8.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-8.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-8.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-8.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.aarch64"
},
"product_reference": "osbuild-composer-0:134.1-8.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-8.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-0:134.1-8.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-8.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.s390x"
},
"product_reference": "osbuild-composer-0:134.1-8.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-8.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.src"
},
"product_reference": "osbuild-composer-0:134.1-8.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-8.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.x86_64"
},
"product_reference": "osbuild-composer-0:134.1-8.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-8.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.aarch64"
},
"product_reference": "osbuild-composer-core-0:134.1-8.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-8.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-core-0:134.1-8.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-8.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.s390x"
},
"product_reference": "osbuild-composer-core-0:134.1-8.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-8.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.x86_64"
},
"product_reference": "osbuild-composer-core-0:134.1-8.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-8.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-8.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.aarch64"
},
"product_reference": "osbuild-composer-worker-0:134.1-8.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-8.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:134.1-8.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-8.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.s390x"
},
"product_reference": "osbuild-composer-worker-0:134.1-8.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-8.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.x86_64"
},
"product_reference": "osbuild-composer-worker-0:134.1-8.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T02:03:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27711"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-8.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-8.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
}
]
}
RHSA-2026:27740
Vulnerability from csaf_redhat - Published: 2026-06-22 04:12 - Updated: 2026-07-13 17:31A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64 | — |
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x | — |
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64 | — |
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64 | — |
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x | — |
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for golang-github-openprinting-ipp-usb is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables\n driverless support for USB devices capable of using IPP-over-USB protocol.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27740",
"url": "https://access.redhat.com/errata/RHSA-2026:27740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27740.json"
}
],
"title": "Red Hat Security Advisory: golang-github-openprinting-ipp-usb security update",
"tracking": {
"current_release_date": "2026-07-13T17:31:57+00:00",
"generator": {
"date": "2026-07-13T17:31:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:27740",
"initial_release_date": "2026-06-22T04:12:16+00:00",
"revision_history": [
{
"date": "2026-06-22T04:12:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T04:12:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T17:31:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src",
"product": {
"name": "golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src",
"product_id": "golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openprinting-ipp-usb@0.9.27-7.el10_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ipp-usb-0:0.9.27-7.el10_2.1.aarch64",
"product": {
"name": "ipp-usb-0:0.9.27-7.el10_2.1.aarch64",
"product_id": "ipp-usb-0:0.9.27-7.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipp-usb@0.9.27-7.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64",
"product": {
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64",
"product_id": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openprinting-ipp-usb-debugsource@0.9.27-7.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64",
"product": {
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64",
"product_id": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipp-usb-debuginfo@0.9.27-7.el10_2.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ipp-usb-0:0.9.27-7.el10_2.1.ppc64le",
"product": {
"name": "ipp-usb-0:0.9.27-7.el10_2.1.ppc64le",
"product_id": "ipp-usb-0:0.9.27-7.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipp-usb@0.9.27-7.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le",
"product": {
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le",
"product_id": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openprinting-ipp-usb-debugsource@0.9.27-7.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le",
"product": {
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le",
"product_id": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipp-usb-debuginfo@0.9.27-7.el10_2.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ipp-usb-0:0.9.27-7.el10_2.1.s390x",
"product": {
"name": "ipp-usb-0:0.9.27-7.el10_2.1.s390x",
"product_id": "ipp-usb-0:0.9.27-7.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipp-usb@0.9.27-7.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x",
"product": {
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x",
"product_id": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openprinting-ipp-usb-debugsource@0.9.27-7.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x",
"product": {
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x",
"product_id": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipp-usb-debuginfo@0.9.27-7.el10_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ipp-usb-0:0.9.27-7.el10_2.1.x86_64",
"product": {
"name": "ipp-usb-0:0.9.27-7.el10_2.1.x86_64",
"product_id": "ipp-usb-0:0.9.27-7.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipp-usb@0.9.27-7.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64",
"product": {
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64",
"product_id": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openprinting-ipp-usb-debugsource@0.9.27-7.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64",
"product": {
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64",
"product_id": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipp-usb-debuginfo@0.9.27-7.el10_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src"
},
"product_reference": "golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64"
},
"product_reference": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le"
},
"product_reference": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x"
},
"product_reference": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64"
},
"product_reference": "golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipp-usb-0:0.9.27-7.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.aarch64"
},
"product_reference": "ipp-usb-0:0.9.27-7.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipp-usb-0:0.9.27-7.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.ppc64le"
},
"product_reference": "ipp-usb-0:0.9.27-7.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipp-usb-0:0.9.27-7.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.s390x"
},
"product_reference": "ipp-usb-0:0.9.27-7.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipp-usb-0:0.9.27-7.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.x86_64"
},
"product_reference": "ipp-usb-0:0.9.27-7.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64"
},
"product_reference": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le"
},
"product_reference": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x"
},
"product_reference": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64"
},
"product_reference": "ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.x86_64"
],
"known_not_affected": [
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T04:12:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27740"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.x86_64",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-0:0.9.27-7.el10_2.1.src",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:golang-github-openprinting-ipp-usb-debugsource-0:0.9.27-7.el10_2.1.x86_64",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:ipp-usb-0:0.9.27-7.el10_2.1.x86_64",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.aarch64",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.ppc64le",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.s390x",
"AppStream-10.2.Z:ipp-usb-debuginfo-0:0.9.27-7.el10_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
}
]
}
RHSA-2026:28010
Vulnerability from csaf_redhat - Published: 2026-06-22 17:15 - Updated: 2026-07-13 17:31A flaw was found in Apache Thrift c_glib language bindings. A remote attacker could send specially crafted requests to a c_glib-based Thrift server, leading to a mismatched memory management routines vulnerability. This could cause the server to crash with a "free(): invalid pointer" error, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Workaround
|
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user's browser, leading to Cross-Site Scripting (XSS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Workaround
|
A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Workaround
|
A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Workaround
|
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Workaround
|
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.\n\nSecurity Fix(es):\n\n* DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization (CVE-2026-41240)\n* crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n* shell-quote: Arbitrary code execution via command injection due to unescaped line terminators (CVE-2026-9277)\n* Apache Thrift: Security bypass due to improper certificate validation (CVE-2026-43869)\n* Netty: High integrity impact due to improper DNS domain name constraint enforcement (CVE-2026-42579)\n* Netty: Incorrect HTTP response parsing leads to data confusion (CVE-2026-42584)\n* Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers (CVE-2026-42581)\n* Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation (CVE-2026-42578)\n* Netty: Denial of Service via unbounded memory allocation in HTTP content decompression (CVE-2026-42587)\n* Apache Thrift c_glib: Denial of Service via specially crafted requests (CVE-2025-48431)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28010",
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "2463410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463410"
},
{
"category": "external",
"summary": "2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "2477217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477217"
},
{
"category": "external",
"summary": "2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "2477224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224"
},
{
"category": "external",
"summary": "2477226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477226"
},
{
"category": "external",
"summary": "2477232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232"
},
{
"category": "external",
"summary": "2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28010.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
"tracking": {
"current_release_date": "2026-07-13T17:31:57+00:00",
"generator": {
"date": "2026-07-13T17:31:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:28010",
"initial_release_date": "2026-06-22T17:15:26+00:00",
"revision_history": [
{
"date": "2026-06-22T17:15:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T17:15:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T17:31:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 4 on RHEL 9",
"product": {
"name": "Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:4::el9"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.7.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.2.0-16"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"product_id": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.2.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.2.0-15"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.2.0-16"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.2.0-10"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.7.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.2.0-16"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"product_id": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.2.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.2.0-15"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.2.0-16"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.2.0-10"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-48431",
"cwe": {
"id": "CWE-763",
"name": "Release of Invalid Pointer or Reference"
},
"discovery_date": "2026-04-28T10:01:26.612789+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463410"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift c_glib language bindings. A remote attacker could send specially crafted requests to a c_glib-based Thrift server, leading to a mismatched memory management routines vulnerability. This could cause the server to crash with a \"free(): invalid pointer\" error, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability affecting Apache Thrift c_glib language bindings. Remote attackers can exploit this flaw by sending specially crafted requests to a c_glib-based Thrift server, leading to a server crash and service disruption. This impact is considered Important due to the potential for unauthenticated remote denial of service in Red Hat products that deploy and expose such Thrift servers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48431"
},
{
"category": "external",
"summary": "RHBZ#2463410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463410"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48431"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/8",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:11:44.283000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-41240",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-23T16:04:41.751666+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user\u0027s browser, leading to Cross-Site Scripting (XSS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "RHBZ#2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80",
"url": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m"
}
],
"release_date": "2026-04-23T14:54:32.426000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization"
},
{
"cve": "CVE-2026-42578",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-05-13T19:02:00.826936+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "RHBZ#2477226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42578"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr",
"url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
}
],
"release_date": "2026-05-13T17:57:43.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation"
},
{
"cve": "CVE-2026-42579",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-05-13T19:01:25.062732+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477217"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. Netty\u0027s DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important integrity flaw in Netty\u0027s DNS codec. The vulnerability arises from insufficient enforcement of RFC 1035 domain name constraints during both encoding and decoding, allowing remote attackers to manipulate DNS responses or user-controlled hostnames. This could lead to a high integrity impact on affected Red Hat products that utilize the vulnerable Netty DNS codec.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "RHBZ#2477217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
}
],
"release_date": "2026-05-13T18:01:52.500000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement"
},
{
"cve": "CVE-2026-42581",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:02:26.404511+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477232"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. Netty\u0027s HttpObjectDecoder, used across various Red Hat products, improperly handles conflicting `Transfer-Encoding: chunked` and `Content-Length` headers in HTTP/1.0 requests. This allows a remote attacker to perform HTTP request smuggling, potentially bypassing security controls or gaining unauthorized access to information due to misinterpretation of message boundaries by downstream proxies or handlers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "RHBZ#2477232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
}
],
"release_date": "2026-05-13T17:54:44.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any reverse proxies or load balancers in front of Netty to either reject HTTP/1.0 requests containing both Transfer-Encoding: chunked and Content-Length headers, or to explicitly prioritize the Transfer-Encoding header over Content-Length for HTTP/1.0 traffic. This ensures consistent interpretation of message boundaries and prevents request smuggling attacks.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers"
},
{
"cve": "CVE-2026-42584",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:01:51.846351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477224"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Netty\u0027s HttpClientCodec allows a remote attacker to cause data confusion. By sending a specially crafted sequence of HTTP responses, an attacker can cause subsequent HTTP responses to be parsed incorrectly, potentially leading to information disclosure or data integrity issues in applications utilizing Netty for HTTP client operations. This vulnerability affects various Red Hat products that bundle Netty, including Red Hat AMQ, Enterprise Application Platform, Red Hat Build of Quarkus, and Red Hat Build of Keycloak.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "RHBZ#2477224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3",
"url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
}
],
"release_date": "2026-05-13T18:10:48.437000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion"
},
{
"cve": "CVE-2026-42587",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:35.415881+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Netty\u0027s HTTP content decompression. A remote attacker can exploit this flaw by sending specially crafted compressed payloads using Brotli, Zstandard, or Snappy encodings, bypassing configured decompression limits. This leads to unbounded memory allocation, potentially causing an out-of-memory condition and rendering affected Red Hat systems unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "RHBZ#2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"release_date": "2026-05-13T18:22:21.699000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression"
},
{
"cve": "CVE-2026-43869",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-05T08:00:56.417384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "RHBZ#2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r",
"url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
}
],
"release_date": "2026-05-05T07:25:48.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation"
}
]
}
RHSA-2026:28074
Vulnerability from csaf_redhat - Published: 2026-06-23 02:26 - Updated: 2026-07-13 23:21A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28074",
"url": "https://access.redhat.com/errata/RHSA-2026:28074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28074.json"
}
],
"title": "Red Hat Security Advisory: skopeo security update",
"tracking": {
"current_release_date": "2026-07-13T23:21:53+00:00",
"generator": {
"date": "2026-07-13T23:21:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:28074",
"initial_release_date": "2026-06-23T02:26:54+00:00",
"revision_history": [
{
"date": "2026-06-23T02:26:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-23T02:26:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:21:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-6.el9_8.src",
"product": {
"name": "skopeo-2:1.22.2-6.el9_8.src",
"product_id": "skopeo-2:1.22.2-6.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-6.el9_8?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-6.el9_8.aarch64",
"product": {
"name": "skopeo-2:1.22.2-6.el9_8.aarch64",
"product_id": "skopeo-2:1.22.2-6.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-6.el9_8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"product": {
"name": "skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"product_id": "skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.22.2-6.el9_8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"product_id": "skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.22.2-6.el9_8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"product_id": "skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.22.2-6.el9_8?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-6.el9_8.ppc64le",
"product": {
"name": "skopeo-2:1.22.2-6.el9_8.ppc64le",
"product_id": "skopeo-2:1.22.2-6.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-6.el9_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"product": {
"name": "skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"product_id": "skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.22.2-6.el9_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"product_id": "skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.22.2-6.el9_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"product_id": "skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.22.2-6.el9_8?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-6.el9_8.x86_64",
"product": {
"name": "skopeo-2:1.22.2-6.el9_8.x86_64",
"product_id": "skopeo-2:1.22.2-6.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-6.el9_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.22.2-6.el9_8.x86_64",
"product": {
"name": "skopeo-tests-2:1.22.2-6.el9_8.x86_64",
"product_id": "skopeo-tests-2:1.22.2-6.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.22.2-6.el9_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"product_id": "skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.22.2-6.el9_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"product_id": "skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.22.2-6.el9_8?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-6.el9_8.s390x",
"product": {
"name": "skopeo-2:1.22.2-6.el9_8.s390x",
"product_id": "skopeo-2:1.22.2-6.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-6.el9_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.22.2-6.el9_8.s390x",
"product": {
"name": "skopeo-tests-2:1.22.2-6.el9_8.s390x",
"product_id": "skopeo-tests-2:1.22.2-6.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.22.2-6.el9_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"product": {
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"product_id": "skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.22.2-6.el9_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"product_id": "skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.22.2-6.el9_8?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-6.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64"
},
"product_reference": "skopeo-2:1.22.2-6.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-6.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le"
},
"product_reference": "skopeo-2:1.22.2-6.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-6.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x"
},
"product_reference": "skopeo-2:1.22.2-6.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-6.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src"
},
"product_reference": "skopeo-2:1.22.2-6.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-6.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64"
},
"product_reference": "skopeo-2:1.22.2-6.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x"
},
"product_reference": "skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.22.2-6.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.22.2-6.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64"
},
"product_reference": "skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.22.2-6.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le"
},
"product_reference": "skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.22.2-6.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x"
},
"product_reference": "skopeo-tests-2:1.22.2-6.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.22.2-6.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
},
"product_reference": "skopeo-tests-2:1.22.2-6.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T02:26:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28074"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T02:26:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28074"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T02:26:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28074"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debuginfo-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-debugsource-2:1.22.2-6.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:skopeo-tests-2:1.22.2-6.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:28441
Vulnerability from csaf_redhat - Published: 2026-06-23 17:33 - Updated: 2026-07-14 05:25A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
|
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
|
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
|
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Openshift Mirror Registry v2.0.11",
"title": "Topic"
},
{
"category": "general",
"text": "Openshift Mirror Registry v2.0.11",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28441",
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28441.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Openshift Mirror Registry v2.0.11",
"tracking": {
"current_release_date": "2026-07-14T05:25:47+00:00",
"generator": {
"date": "2026-07-14T05:25:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:28441",
"initial_release_date": "2026-06-23T17:33:12+00:00",
"revision_history": [
{
"date": "2026-06-23T17:33:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-23T17:33:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T05:25:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "mirror registry for Red Hat OpenShift 2.0",
"product": {
"name": "mirror registry for Red Hat OpenShift 2.0",
"product_id": "mirror registry for Red Hat OpenShift 2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:mirror_registry:2.0::el8"
}
}
}
],
"category": "product_family",
"name": "mirror registry for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64",
"product": {
"name": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64",
"product_id": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mirror-registry-rhel8@sha256%3Ad1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e?arch=amd64\u0026repository_url=registry.redhat.io/openshift/mirror-registry-rhel8\u0026tag=1782177012"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"product": {
"name": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"product_id": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mirror-registry-rhel8@sha256%3A97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift/mirror-registry-rhel8\u0026tag=1782177012"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"product": {
"name": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"product_id": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mirror-registry-rhel8@sha256%3A8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29?arch=s390x\u0026repository_url=registry.redhat.io/openshift/mirror-registry-rhel8\u0026tag=1782177012"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x as a component of mirror registry for Red Hat OpenShift 2.0",
"product_id": "mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x"
},
"product_reference": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"relates_to_product_reference": "mirror registry for Red Hat OpenShift 2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le as a component of mirror registry for Red Hat OpenShift 2.0",
"product_id": "mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le"
},
"product_reference": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"relates_to_product_reference": "mirror registry for Red Hat OpenShift 2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64 as a component of mirror registry for Red Hat OpenShift 2.0",
"product_id": "mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
},
"product_reference": "registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64",
"relates_to_product_reference": "mirror registry for Red Hat OpenShift 2.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in urllib3\u0027s streaming API that can lead to excessive resource consumption, including high CPU usage and significant memory allocation. When processing highly compressed data from untrusted sources, even small requested chunks can trigger full decompression, posing a denial-of-service risk to client-side applications utilizing affected urllib3 versions prior to 2.6.0.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T17:33:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:8a0035c2841dbc7ae063f1298006ef23509dba3bc02a99f19915033255df4a29_s390x",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:97ecafca4a852ecc1f897eaa54ced5a3301d53981ed6a7f5dee20d3a33db0d48_ppc64le",
"mirror registry for Red Hat OpenShift 2.0:registry.redhat.io/openshift/mirror-registry-rhel8@sha256:d1d86fccb45733d6be9a15f64ea8a6c7953a72d58c95f6b67c7f55dd8107ca9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
}
]
}
RHSA-2026:29035
Vulnerability from csaf_redhat - Published: 2026-06-24 14:03 - Updated: 2026-07-13 23:20The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29035",
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29035.json"
}
],
"title": "Red Hat Security Advisory: skopeo security update",
"tracking": {
"current_release_date": "2026-07-13T23:20:39+00:00",
"generator": {
"date": "2026-07-13T23:20:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:29035",
"initial_release_date": "2026-06-24T14:03:17+00:00",
"revision_history": [
{
"date": "2026-06-24T14:03:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-24T14:03:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:20:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-2.el10_2.src",
"product": {
"name": "skopeo-2:1.22.2-2.el10_2.src",
"product_id": "skopeo-2:1.22.2-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-2.el10_2?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-2.el10_2.aarch64",
"product": {
"name": "skopeo-2:1.22.2-2.el10_2.aarch64",
"product_id": "skopeo-2:1.22.2-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-2.el10_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"product": {
"name": "skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"product_id": "skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.22.2-2.el10_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"product_id": "skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.22.2-2.el10_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"product_id": "skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.22.2-2.el10_2?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-2.el10_2.ppc64le",
"product": {
"name": "skopeo-2:1.22.2-2.el10_2.ppc64le",
"product_id": "skopeo-2:1.22.2-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-2.el10_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"product": {
"name": "skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"product_id": "skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.22.2-2.el10_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"product_id": "skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.22.2-2.el10_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"product_id": "skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.22.2-2.el10_2?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-2.el10_2.s390x",
"product": {
"name": "skopeo-2:1.22.2-2.el10_2.s390x",
"product_id": "skopeo-2:1.22.2-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-2.el10_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.22.2-2.el10_2.s390x",
"product": {
"name": "skopeo-tests-2:1.22.2-2.el10_2.s390x",
"product_id": "skopeo-tests-2:1.22.2-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.22.2-2.el10_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"product": {
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"product_id": "skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.22.2-2.el10_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"product_id": "skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.22.2-2.el10_2?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.22.2-2.el10_2.x86_64",
"product": {
"name": "skopeo-2:1.22.2-2.el10_2.x86_64",
"product_id": "skopeo-2:1.22.2-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.22.2-2.el10_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.22.2-2.el10_2.x86_64",
"product": {
"name": "skopeo-tests-2:1.22.2-2.el10_2.x86_64",
"product_id": "skopeo-tests-2:1.22.2-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.22.2-2.el10_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"product_id": "skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.22.2-2.el10_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"product_id": "skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.22.2-2.el10_2?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64"
},
"product_reference": "skopeo-2:1.22.2-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le"
},
"product_reference": "skopeo-2:1.22.2-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x"
},
"product_reference": "skopeo-2:1.22.2-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src"
},
"product_reference": "skopeo-2:1.22.2-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.22.2-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64"
},
"product_reference": "skopeo-2:1.22.2-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x"
},
"product_reference": "skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.22.2-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.22.2-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64"
},
"product_reference": "skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.22.2-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le"
},
"product_reference": "skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.22.2-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x"
},
"product_reference": "skopeo-tests-2:1.22.2-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.22.2-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
},
"product_reference": "skopeo-tests-2:1.22.2-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T14:03:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T14:03:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T14:03:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T14:03:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.src",
"AppStream-10.2.Z:skopeo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debuginfo-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-debugsource-2:1.22.2-2.el10_2.x86_64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.aarch64",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.ppc64le",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.s390x",
"AppStream-10.2.Z:skopeo-tests-2:1.22.2-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:29195
Vulnerability from csaf_redhat - Published: 2026-06-24 19:30 - Updated: 2026-07-13 23:20The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29195",
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29195.json"
}
],
"title": "Red Hat Security Advisory: buildah security update",
"tracking": {
"current_release_date": "2026-07-13T23:20:39+00:00",
"generator": {
"date": "2026-07-13T23:20:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:29195",
"initial_release_date": "2026-06-24T19:30:38+00:00",
"revision_history": [
{
"date": "2026-06-24T19:30:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-24T19:30:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:20:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el10_2.src",
"product": {
"name": "buildah-2:1.43.1-2.el10_2.src",
"product_id": "buildah-2:1.43.1-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el10_2?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el10_2.aarch64",
"product": {
"name": "buildah-2:1.43.1-2.el10_2.aarch64",
"product_id": "buildah-2:1.43.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el10_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.43.1-2.el10_2.aarch64",
"product": {
"name": "buildah-tests-2:1.43.1-2.el10_2.aarch64",
"product_id": "buildah-tests-2:1.43.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.43.1-2.el10_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"product": {
"name": "buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"product_id": "buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.43.1-2.el10_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"product": {
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"product_id": "buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.43.1-2.el10_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"product": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"product_id": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.43.1-2.el10_2?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el10_2.ppc64le",
"product": {
"name": "buildah-2:1.43.1-2.el10_2.ppc64le",
"product_id": "buildah-2:1.43.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el10_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"product": {
"name": "buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"product_id": "buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.43.1-2.el10_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"product": {
"name": "buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"product_id": "buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.43.1-2.el10_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"product": {
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"product_id": "buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.43.1-2.el10_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"product": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"product_id": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.43.1-2.el10_2?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el10_2.s390x",
"product": {
"name": "buildah-2:1.43.1-2.el10_2.s390x",
"product_id": "buildah-2:1.43.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el10_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.43.1-2.el10_2.s390x",
"product": {
"name": "buildah-tests-2:1.43.1-2.el10_2.s390x",
"product_id": "buildah-tests-2:1.43.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.43.1-2.el10_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"product": {
"name": "buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"product_id": "buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.43.1-2.el10_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"product": {
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"product_id": "buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.43.1-2.el10_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"product": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"product_id": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.43.1-2.el10_2?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el10_2.x86_64",
"product": {
"name": "buildah-2:1.43.1-2.el10_2.x86_64",
"product_id": "buildah-2:1.43.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el10_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.43.1-2.el10_2.x86_64",
"product": {
"name": "buildah-tests-2:1.43.1-2.el10_2.x86_64",
"product_id": "buildah-tests-2:1.43.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.43.1-2.el10_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"product": {
"name": "buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"product_id": "buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.43.1-2.el10_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"product": {
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"product_id": "buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.43.1-2.el10_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64",
"product": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64",
"product_id": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.43.1-2.el10_2?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64"
},
"product_reference": "buildah-2:1.43.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le"
},
"product_reference": "buildah-2:1.43.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x"
},
"product_reference": "buildah-2:1.43.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src"
},
"product_reference": "buildah-2:1.43.1-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64"
},
"product_reference": "buildah-2:1.43.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64"
},
"product_reference": "buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le"
},
"product_reference": "buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x"
},
"product_reference": "buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.43.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64"
},
"product_reference": "buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.43.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64"
},
"product_reference": "buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.43.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le"
},
"product_reference": "buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.43.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x"
},
"product_reference": "buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.43.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64"
},
"product_reference": "buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.43.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64"
},
"product_reference": "buildah-tests-2:1.43.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.43.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le"
},
"product_reference": "buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.43.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x"
},
"product_reference": "buildah-tests-2:1.43.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.43.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64"
},
"product_reference": "buildah-tests-2:1.43.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64"
},
"product_reference": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le"
},
"product_reference": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x"
},
"product_reference": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
},
"product_reference": "buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T19:30:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T19:30:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T19:30:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T19:30:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.src",
"AppStream-10.2.Z:buildah-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debuginfo-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-debugsource-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-2:1.43.1-2.el10_2.x86_64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x",
"AppStream-10.2.Z:buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:29455
Vulnerability from csaf_redhat - Published: 2026-06-25 00:07 - Updated: 2026-07-13 23:20The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters (CVE-2026-39829)\n\n* golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses (CVE-2026-39830)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29455",
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "2480681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
},
{
"category": "external",
"summary": "2480684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29455.json"
}
],
"title": "Red Hat Security Advisory: buildah security update",
"tracking": {
"current_release_date": "2026-07-13T23:20:39+00:00",
"generator": {
"date": "2026-07-13T23:20:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:29455",
"initial_release_date": "2026-06-25T00:07:14+00:00",
"revision_history": [
{
"date": "2026-06-25T00:07:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T00:07:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:20:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el9_8.src",
"product": {
"name": "buildah-2:1.43.1-2.el9_8.src",
"product_id": "buildah-2:1.43.1-2.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el9_8?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el9_8.aarch64",
"product": {
"name": "buildah-2:1.43.1-2.el9_8.aarch64",
"product_id": "buildah-2:1.43.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el9_8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.43.1-2.el9_8.aarch64",
"product": {
"name": "buildah-tests-2:1.43.1-2.el9_8.aarch64",
"product_id": "buildah-tests-2:1.43.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.43.1-2.el9_8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"product": {
"name": "buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"product_id": "buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.43.1-2.el9_8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"product": {
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"product_id": "buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.43.1-2.el9_8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"product": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"product_id": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.43.1-2.el9_8?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el9_8.ppc64le",
"product": {
"name": "buildah-2:1.43.1-2.el9_8.ppc64le",
"product_id": "buildah-2:1.43.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el9_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"product": {
"name": "buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"product_id": "buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.43.1-2.el9_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"product": {
"name": "buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"product_id": "buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.43.1-2.el9_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"product": {
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"product_id": "buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.43.1-2.el9_8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"product": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"product_id": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.43.1-2.el9_8?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el9_8.x86_64",
"product": {
"name": "buildah-2:1.43.1-2.el9_8.x86_64",
"product_id": "buildah-2:1.43.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el9_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.43.1-2.el9_8.x86_64",
"product": {
"name": "buildah-tests-2:1.43.1-2.el9_8.x86_64",
"product_id": "buildah-tests-2:1.43.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.43.1-2.el9_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"product": {
"name": "buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"product_id": "buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.43.1-2.el9_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"product": {
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"product_id": "buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.43.1-2.el9_8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64",
"product": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64",
"product_id": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.43.1-2.el9_8?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.43.1-2.el9_8.s390x",
"product": {
"name": "buildah-2:1.43.1-2.el9_8.s390x",
"product_id": "buildah-2:1.43.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.43.1-2.el9_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.43.1-2.el9_8.s390x",
"product": {
"name": "buildah-tests-2:1.43.1-2.el9_8.s390x",
"product_id": "buildah-tests-2:1.43.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.43.1-2.el9_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"product": {
"name": "buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"product_id": "buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.43.1-2.el9_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"product": {
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"product_id": "buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.43.1-2.el9_8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"product": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"product_id": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.43.1-2.el9_8?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64"
},
"product_reference": "buildah-2:1.43.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le"
},
"product_reference": "buildah-2:1.43.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x"
},
"product_reference": "buildah-2:1.43.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src"
},
"product_reference": "buildah-2:1.43.1-2.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.43.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64"
},
"product_reference": "buildah-2:1.43.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64"
},
"product_reference": "buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le"
},
"product_reference": "buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x"
},
"product_reference": "buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.43.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64"
},
"product_reference": "buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.43.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64"
},
"product_reference": "buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.43.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le"
},
"product_reference": "buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.43.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x"
},
"product_reference": "buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.43.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64"
},
"product_reference": "buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.43.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64"
},
"product_reference": "buildah-tests-2:1.43.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.43.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le"
},
"product_reference": "buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.43.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x"
},
"product_reference": "buildah-tests-2:1.43.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.43.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64"
},
"product_reference": "buildah-tests-2:1.43.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64"
},
"product_reference": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le"
},
"product_reference": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x"
},
"product_reference": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
},
"product_reference": "buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T00:07:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T00:07:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T00:07:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T00:07:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-39829",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-22T04:01:30.092249+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in golang.org/x/crypto/ssh is rated as Important. An unauthenticated remote attacker could trigger a denial of service by providing a specially crafted public key with excessively large parameters during SSH public key authentication. This could lead to prolonged CPU consumption on the server, impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "RHBZ#2480681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://go.dev/cl/781641",
"url": "https://go.dev/cl/781641"
},
{
"category": "external",
"summary": "https://go.dev/cl/781661",
"url": "https://go.dev/cl/781661"
},
{
"category": "external",
"summary": "https://go.dev/issue/79565",
"url": "https://go.dev/issue/79565"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5018",
"url": "https://pkg.go.dev/vuln/GO-2026-5018"
}
],
"release_date": "2026-05-22T02:31:27.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T00:07:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters"
},
{
"cve": "CVE-2026-39830",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-05-22T04:01:38.517202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection\u0027s read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh`. A remote, unauthenticated attacker can exploit this vulnerability by sending unsolicited global request responses to an affected SSH server, leading to resource exhaustion and a denial of service. The impact is considered Important due to the potential for unauthenticated remote disruption of services utilizing the vulnerable SSH library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "RHBZ#2480684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39830",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://go.dev/cl/781640",
"url": "https://go.dev/cl/781640"
},
{
"category": "external",
"summary": "https://go.dev/cl/781664",
"url": "https://go.dev/cl/781664"
},
{
"category": "external",
"summary": "https://go.dev/issue/79564",
"url": "https://go.dev/issue/79564"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5017",
"url": "https://pkg.go.dev/vuln/GO-2026-5017"
}
],
"release_date": "2026-05-22T02:31:27.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T00:07:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"category": "workaround",
"details": "To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the `golang.org/x/crypto/ssh` library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debuginfo-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-debugsource-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-2:1.43.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses"
}
]
}
RHSA-2026:29702
Vulnerability from csaf_redhat - Published: 2026-06-25 06:40 - Updated: 2026-07-13 23:20The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for runc is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29702",
"url": "https://access.redhat.com/errata/RHSA-2026:29702"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29702.json"
}
],
"title": "Red Hat Security Advisory: runc security update",
"tracking": {
"current_release_date": "2026-07-13T23:20:40+00:00",
"generator": {
"date": "2026-07-13T23:20:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:29702",
"initial_release_date": "2026-06-25T06:40:14+00:00",
"revision_history": [
{
"date": "2026-06-25T06:40:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T06:40:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:20:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.2-2.el9_8.src",
"product": {
"name": "runc-4:1.4.2-2.el9_8.src",
"product_id": "runc-4:1.4.2-2.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.2-2.el9_8?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.2-2.el9_8.aarch64",
"product": {
"name": "runc-4:1.4.2-2.el9_8.aarch64",
"product_id": "runc-4:1.4.2-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.2-2.el9_8?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"product": {
"name": "runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"product_id": "runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.4.2-2.el9_8?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"product": {
"name": "runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"product_id": "runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.4.2-2.el9_8?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.2-2.el9_8.ppc64le",
"product": {
"name": "runc-4:1.4.2-2.el9_8.ppc64le",
"product_id": "runc-4:1.4.2-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.2-2.el9_8?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"product": {
"name": "runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"product_id": "runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.4.2-2.el9_8?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"product_id": "runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.4.2-2.el9_8?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.2-2.el9_8.x86_64",
"product": {
"name": "runc-4:1.4.2-2.el9_8.x86_64",
"product_id": "runc-4:1.4.2-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.2-2.el9_8?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.4.2-2.el9_8.x86_64",
"product": {
"name": "runc-debugsource-4:1.4.2-2.el9_8.x86_64",
"product_id": "runc-debugsource-4:1.4.2-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.4.2-2.el9_8?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"product": {
"name": "runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"product_id": "runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.4.2-2.el9_8?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-4:1.4.2-2.el9_8.s390x",
"product": {
"name": "runc-4:1.4.2-2.el9_8.s390x",
"product_id": "runc-4:1.4.2-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.4.2-2.el9_8?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.4.2-2.el9_8.s390x",
"product": {
"name": "runc-debugsource-4:1.4.2-2.el9_8.s390x",
"product_id": "runc-debugsource-4:1.4.2-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.4.2-2.el9_8?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"product": {
"name": "runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"product_id": "runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.4.2-2.el9_8?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.2-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64"
},
"product_reference": "runc-4:1.4.2-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.2-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le"
},
"product_reference": "runc-4:1.4.2-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.2-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x"
},
"product_reference": "runc-4:1.4.2-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.2-2.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src"
},
"product_reference": "runc-4:1.4.2-2.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.4.2-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64"
},
"product_reference": "runc-4:1.4.2-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.4.2-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64"
},
"product_reference": "runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.4.2-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.4.2-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x"
},
"product_reference": "runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.4.2-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64"
},
"product_reference": "runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.4.2-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64"
},
"product_reference": "runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.4.2-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le"
},
"product_reference": "runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.4.2-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x"
},
"product_reference": "runc-debugsource-4:1.4.2-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.4.2-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
},
"product_reference": "runc-debugsource-4:1.4.2-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T06:40:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29702"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T06:40:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29702"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T06:40:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29702"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:runc-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debuginfo-4:1.4.2-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:runc-debugsource-4:1.4.2-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
}
]
}
RHSA-2026:29703
Vulnerability from csaf_redhat - Published: 2026-06-25 10:00 - Updated: 2026-07-13 23:20The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29703",
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29703.json"
}
],
"title": "Red Hat Security Advisory: containernetworking-plugins security update",
"tracking": {
"current_release_date": "2026-07-13T23:20:42+00:00",
"generator": {
"date": "2026-07-13T23:20:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:29703",
"initial_release_date": "2026-06-25T10:00:35+00:00",
"revision_history": [
{
"date": "2026-06-25T10:00:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T10:00:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:20:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.src",
"product": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.src",
"product_id": "containernetworking-plugins-1:1.9.0-3.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.9.0-3.el9_8?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"product": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"product_id": "containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.9.0-3.el9_8?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"product_id": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.9.0-3.el9_8?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"product_id": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.9.0-3.el9_8?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"product": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"product_id": "containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.9.0-3.el9_8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"product_id": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.9.0-3.el9_8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"product_id": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.9.0-3.el9_8?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"product": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"product_id": "containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.9.0-3.el9_8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64",
"product_id": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.9.0-3.el9_8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"product_id": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.9.0-3.el9_8?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"product": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"product_id": "containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.9.0-3.el9_8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"product_id": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.9.0-3.el9_8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"product_id": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.9.0-3.el9_8?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64"
},
"product_reference": "containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le"
},
"product_reference": "containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x"
},
"product_reference": "containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src"
},
"product_reference": "containernetworking-plugins-1:1.9.0-3.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.9.0-3.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64"
},
"product_reference": "containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T10:00:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T10:00:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T10:00:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T10:00:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.