Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-23806 (GCVE-0-2022-23806)
Vulnerability from cvelistv5 – Published: 2022-02-11 00:00 – Updated: 2024-08-03 03:51
VLAI
EPSS
Summary
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Severity
9.1 (Critical)
CWE
- n/a
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
},
{
"name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
},
{
"name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23806",
"datePublished": "2022-02-11T00:00:00.000Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:51:45.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-23806",
"date": "2026-06-04",
"epss": "0.00045",
"percentile": "0.14197"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-23806\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-02-11T01:15:07.747\",\"lastModified\":\"2024-11-21T06:49:17.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.\"},{\"lang\":\"es\",\"value\":\"Curve.IsOnCurve en crypto/elliptic en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede devolver incorrectamente true en situaciones con un valor big.Int que no es un elemento de campo v\u00e1lido\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.16.14\",\"matchCriteriaId\":\"3AC42B47-ED6E-4F64-BAFA-770B8834BB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.17.0\",\"versionEndExcluding\":\"1.17.7\",\"matchCriteriaId\":\"39A5AFCD-0F53-440D-B617-BB1C92B67028\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B60CE797-9177-4705-B02D-83F5A48C5F6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DAE7369-EEC5-405E-9D13-858335FDA647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F8E1764-2021-41E7-9CBE-6864313A74E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220225-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220225-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2026-AVI-0199
Vulnerability from certfr_avis - Published: 2026-02-24 - Updated: 2026-02-24
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Telco Cloud Platform | Telco Cloud Platform versions 4.x et 5.x sans le correctif de sécurité KB428241 | ||
| VMware | Tanzu Data Services | Tanzu Data Flow versions antérieures à 2.0.2 sur Tanzu Platform | ||
| VMware | Azure Spring Enterprise | Harbor Registry versions antérieures à 2.14.2 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour MySQL versions 2.0.0 sur Kubernetes | ||
| VMware | Cloud Foundation | Cloud Foundation versions 9.x antérieures à 9.0.2.0 | ||
| VMware | Tanzu Kubernetes Runtime | App Metrics versions antérieures à2.3.3 | ||
| VMware | Tanzu Data Intelligence | Tanzu GemFire versions antérieures à 2.6.1 sur Kubernetes | ||
| VMware | Tanzu Kubernetes Runtime | CredHub Secrets Management pour Tanzu Platform versions antérieures à 1.6.8 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Valkey version 3.3.1 sur Kubernetes | ||
| VMware | Tanzu Operations Manager | Foundation Core pour Tanzu Platform versions antérieures à 3.2.4 | ||
| VMware | Aria Operations | Aria Operations versions 8.x antérieures à 8.18.6 | ||
| VMware | Tanzu Kubernetes Runtime | cf-mgmt pour Tanzu Platform versions antérieures à 1.0.108 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Valkey version 9.0.1 | ||
| VMware | Tanzu Kubernetes Runtime | Extended App Support pour Tanzu Platform versions antérieures à 1.0.15 | ||
| VMware | Tanzu Data Intelligence | Tanzu GemFire Management versions antérieures à 1.4.3 | ||
| VMware | Tanzu Kubernetes Runtime | NodeJS Buildpack versions antérieures à 1.8.77 | ||
| VMware | Tanzu Kubernetes Runtime | Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.5 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.x et 5.x sans le correctif de sécurité KB92148 | ||
| VMware | Tanzu Kubernetes Runtime | AI Services pour Tanzu Platform versions antérieures à 10.3.4 | ||
| VMware | Tanzu Kubernetes Runtime | Java Buildpack versions antérieures à 4.89.0 | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de sécurité KB428241 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.25+LTS-T, 10.2.8+LTS-T et 10.3.5 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Telco Cloud Platform versions 4.x et 5.x sans le correctif de s\u00e9curit\u00e9 KB428241",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow versions ant\u00e9rieures \u00e0 2.0.2 sur Tanzu Platform",
"product": {
"name": "Tanzu Data Services",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Harbor Registry versions ant\u00e9rieures \u00e0 2.14.2",
"product": {
"name": "Azure Spring Enterprise",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour MySQL versions 2.0.0 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 9.x ant\u00e9rieures \u00e0 9.0.2.0",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Metrics versions ant\u00e9rieures \u00e02.3.3",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 2.6.1 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Secrets Management pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.8",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey version 3.3.1 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.4",
"product": {
"name": "Tanzu Operations Manager",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.6",
"product": {
"name": "Aria Operations",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "cf-mgmt pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.108",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey version 9.0.1",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.15",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Management versions ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.77",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Native Buildpacks pour Tanzu Platform versions ant\u00e9rieures \u00e0 0.6.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.x et 5.x sans le correctif de s\u00e9curit\u00e9 KB92148",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.4",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.89.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de s\u00e9curit\u00e9 KB428241",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.25+LTS-T, 10.2.8+LTS-T et 10.3.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-47219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47219"
},
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2021-42384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2017-16544",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16544"
},
{
"name": "CVE-2025-39987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
},
{
"name": "CVE-2021-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2022-24450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24450"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2021-42382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
},
{
"name": "CVE-2020-10750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10750"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2025-40055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
},
{
"name": "CVE-2021-42376",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2025-39876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39876"
},
{
"name": "CVE-2025-40029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
},
{
"name": "CVE-2025-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38561"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2025-40048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2025-40219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2025-40043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2021-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2025-59775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59775"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2025-39973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2018-1000517",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000517"
},
{
"name": "CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"name": "CVE-2025-39943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39943"
},
{
"name": "CVE-2025-39945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
},
{
"name": "CVE-2025-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39883"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-40019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
},
{
"name": "CVE-2025-40240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-40081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2025-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40153"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2025-40121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40121"
},
{
"name": "CVE-2026-1642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2025-55753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55753"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-40204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40204"
},
{
"name": "CVE-2025-40171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40171"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2025-39911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39911"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10543"
},
{
"name": "CVE-2025-40125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40125"
},
{
"name": "CVE-2025-40349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40349"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2019-5481",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5481"
},
{
"name": "CVE-2025-26646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26646"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-29222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29222"
},
{
"name": "CVE-2025-40187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40187"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2024-21012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
},
{
"name": "CVE-2025-39913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39913"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2025-40092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2025-39967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
},
{
"name": "CVE-2025-40115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40115"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2021-42386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2025-39949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-29190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29190"
},
{
"name": "CVE-2025-40173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40173"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2025-39923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39923"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2018-20679",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20679"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-39953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2025-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40167"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2025-39969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2017-15873",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15873"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2025-40194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40194"
},
{
"name": "CVE-2025-40245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2025-40001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40001"
},
{
"name": "CVE-2026-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2025-40035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-39988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39988"
},
{
"name": "CVE-2026-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22719"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-39399",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39399"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-38584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38584"
},
{
"name": "CVE-2021-42374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-40233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
},
{
"name": "CVE-2025-40020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2025-40188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40188"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-66200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66200"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2023-34231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34231"
},
{
"name": "CVE-2026-0988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0988"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-65637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2023-47090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47090"
},
{
"name": "CVE-2025-40049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2025-40070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40070"
},
{
"name": "CVE-2022-29946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29946"
},
{
"name": "CVE-2025-40106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2025-40205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40205"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-39885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39885"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-30215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30215"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-39970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2025-39994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-40088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
},
{
"name": "CVE-2025-40220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22036"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-22058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22058"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-28391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2025-40109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40109"
},
{
"name": "CVE-2025-40006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40006"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2022-26652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26652"
},
{
"name": "CVE-2025-40011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40011"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
},
{
"name": "CVE-2023-42365",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42365"
},
{
"name": "CVE-2025-40231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40231"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2021-42379",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2025-23143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23143"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2025-65082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65082"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2022-36109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2025-40183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40183"
},
{
"name": "CVE-2021-42381",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2025-39998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2025-40134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40134"
},
{
"name": "CVE-2017-15874",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15874"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2025-39968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-39986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39986"
},
{
"name": "CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2022-24769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2025-58098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58098"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2025-40078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-40116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40116"
},
{
"name": "CVE-2025-68249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68249"
},
{
"name": "CVE-2026-0990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0990"
},
{
"name": "CVE-2025-39934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2025-40179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40179"
},
{
"name": "CVE-2025-40127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40127"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-39996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39996"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2026-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22721"
},
{
"name": "CVE-2025-40053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2025-39951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39951"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2025-40120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40120"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2022-48174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48174"
},
{
"name": "CVE-2025-61594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
},
{
"name": "CVE-2023-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-40243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2023-42364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42364"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2025-40118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40118"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2025-40021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2019-5747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5747"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-40044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2025-40105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
},
{
"name": "CVE-2018-1000500",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-26014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26014"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2025-40112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40112"
},
{
"name": "CVE-2024-27289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2025-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2026-23949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
},
{
"name": "CVE-2021-42385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2025-40126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40126"
},
{
"name": "CVE-2025-39972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2021-42836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40200"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2025-38236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38236"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-40124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40124"
},
{
"name": "CVE-2025-39880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39880"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2025-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2026-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21941"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-40215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
},
{
"name": "CVE-2025-40111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40111"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-40068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
},
{
"name": "CVE-2025-40042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2026-0992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0992"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2026-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21947"
},
{
"name": "CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2019-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5482"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-39937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-40060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2019-5443",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5443"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2020-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2025-60876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60876"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2025-11065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11065"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2026-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2025-40178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40178"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2025-39869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39869"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-39985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2023-22006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22006"
},
{
"name": "CVE-2019-5435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5435"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2026-1489",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2026-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22720"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-42363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42363"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2025-39980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2025-40346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40346"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-40030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
},
{
"name": "CVE-2025-40244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
},
{
"name": "CVE-2025-39995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39995"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2025-39907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39907"
},
{
"name": "CVE-2023-42366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2025-40140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40140"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2025-40223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27304"
},
{
"name": "CVE-2026-22703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22703"
},
{
"name": "CVE-2026-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0989"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2025-39873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39873"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2022-29189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29189"
},
{
"name": "CVE-2025-38248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
},
{
"name": "CVE-2025-40351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40351"
},
{
"name": "CVE-2025-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
},
{
"name": "CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
}
],
"initial_release_date": "2026-02-24T00:00:00",
"last_revision_date": "2026-02-24T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0199",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37012",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37012"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37001",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37001"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37013",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37013"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37003",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37003"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37023",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37023"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37017",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37017"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37006",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37006"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37024",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37024"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36997",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36997"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37004",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37004"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36947",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37018",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37018"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37005",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37005"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37008",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37008"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37007",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37007"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37020",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37020"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36998",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36998"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37002",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37002"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37021",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37021"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37022",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37022"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37016",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37016"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37019",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37019"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37010",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37010"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37009",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37009"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37000",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37000"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37011",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37011"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37015",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37015"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37014",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37014"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36999",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36999"
}
]
}
FKIE_CVE-2022-23806
Vulnerability from fkie_nvd - Published: 2022-02-11 01:15 - Updated: 2024-11-21 06:49
Severity
Summary
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html | ||
| cve@mitre.org | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20220225-0006/ | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220225-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| golang | go | * | |
| golang | go | * | |
| netapp | beegfs_csi_driver | - | |
| netapp | cloud_insights_telegraf_agent | - | |
| netapp | kubernetes_monitoring_operator | - | |
| netapp | storagegrid | - | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC42B47-ED6E-4F64-BAFA-770B8834BB25",
"versionEndExcluding": "1.16.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39A5AFCD-0F53-440D-B617-BB1C92B67028",
"versionEndExcluding": "1.17.7",
"versionStartIncluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B60CE797-9177-4705-B02D-83F5A48C5F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8E1764-2021-41E7-9CBE-6864313A74E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element."
},
{
"lang": "es",
"value": "Curve.IsOnCurve en crypto/elliptic en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede devolver incorrectamente true en situaciones con un valor big.Int que no es un elemento de campo v\u00e1lido"
}
],
"id": "CVE-2022-23806",
"lastModified": "2024-11-21T06:49:17.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-11T01:15:07.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8C83-VP4V-H7FQ
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-03-30 00:01
VLAI
Details
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Severity
9.1 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-23806"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T01:15:00Z",
"severity": "CRITICAL"
},
"details": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"id": "GHSA-8c83-vp4v-h7fq",
"modified": "2022-03-30T00:01:41Z",
"published": "2022-02-12T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220225-0006"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-23806
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-23806",
"description": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"id": "GSD-2022-23806",
"references": [
"https://www.suse.com/security/cve/CVE-2022-23806.html",
"https://advisories.mageia.org/CVE-2022-23806.html",
"https://access.redhat.com/errata/RHSA-2022:1081",
"https://linux.oracle.com/cve/CVE-2022-23806.html",
"https://access.redhat.com/errata/RHSA-2022:1819",
"https://access.redhat.com/errata/RHSA-2022:4860",
"https://access.redhat.com/errata/RHSA-2022:4863",
"https://access.redhat.com/errata/RHSA-2022:4956",
"https://access.redhat.com/errata/RHSA-2022:5006",
"https://access.redhat.com/errata/RHSA-2022:5004",
"https://access.redhat.com/errata/RHSA-2022:5201",
"https://access.redhat.com/errata/RHSA-2022:5392",
"https://access.redhat.com/errata/RHSA-2022:5068",
"https://access.redhat.com/errata/RHSA-2022:5875",
"https://access.redhat.com/errata/RHSA-2022:5729",
"https://access.redhat.com/errata/RHSA-2022:6094",
"https://access.redhat.com/errata/RHSA-2022:6156",
"https://access.redhat.com/errata/RHSA-2022:6526",
"https://alas.aws.amazon.com/cve/html/CVE-2022-23806.html",
"https://access.redhat.com/errata/RHSA-2023:0408"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-23806"
],
"details": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"id": "GSD-2022-23806",
"modified": "2023-12-13T01:19:35.076731Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
},
{
"name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.17.7",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.14",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23806"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
},
{
"name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
},
{
"name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2023-04-20T00:15Z",
"publishedDate": "2022-02-11T01:15Z"
}
}
}
MSRC_CVE-2022-23806
Vulnerability from csaf_microsoft - Published: 2022-02-02 00:00 - Updated: 2026-02-18 01:06Summary
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 18796-16820 | — | ||
| Unresolved product id: 18797-17086 | — | ||
| Unresolved product id: 17021-17084 | — | ||
| Unresolved product id: 19696-17084 | — |
Known affected
4 products
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-23806 Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-23806.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"tracking": {
"current_release_date": "2026-02-18T01:06:11.000Z",
"generator": {
"date": "2026-02-18T12:02:15.605Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-23806",
"initial_release_date": "2022-02-02T00:00:00.000Z",
"revision_history": [
{
"date": "2022-02-18T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-08-29T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
},
{
"date": "2024-08-30T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
},
{
"date": "2024-08-31T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Information published."
},
{
"date": "2024-09-01T00:00:00.000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Information published."
},
{
"date": "2024-09-02T00:00:00.000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Information published."
},
{
"date": "2024-09-03T00:00:00.000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Information published."
},
{
"date": "2024-09-05T00:00:00.000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Information published."
},
{
"date": "2024-09-06T00:00:00.000Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Information published."
},
{
"date": "2024-09-07T00:00:00.000Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Information published."
},
{
"date": "2024-09-08T00:00:00.000Z",
"legacy_version": "2",
"number": "11",
"summary": "Information published."
},
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "2.1",
"number": "12",
"summary": "Information published."
},
{
"date": "2026-02-18T01:06:11.000Z",
"legacy_version": "2.2",
"number": "13",
"summary": "Information published."
}
],
"status": "final",
"version": "13"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 golang 1.16.14-1",
"product": {
"name": "\u003ccm1 golang 1.16.14-1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cm1 golang 1.16.14-1",
"product": {
"name": "cm1 golang 1.16.14-1",
"product_id": "18796"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.18.8-3",
"product": {
"name": "\u003ccbl2 golang 1.18.8-3",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.18.8-3",
"product": {
"name": "cbl2 golang 1.18.8-3",
"product_id": "18797"
}
}
],
"category": "product_name",
"name": "golang"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-tensorboard 2.16.2-2",
"product": {
"name": "\u003cazl3 python-tensorboard 2.16.2-2",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "azl3 python-tensorboard 2.16.2-2",
"product": {
"name": "azl3 python-tensorboard 2.16.2-2",
"product_id": "17021"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-tensorboard 2.11.0-3",
"product": {
"name": "\u003cazl3 python-tensorboard 2.11.0-3",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 python-tensorboard 2.11.0-3",
"product": {
"name": "azl3 python-tensorboard 2.11.0-3",
"product_id": "19696"
}
}
],
"category": "product_name",
"name": "python-tensorboard"
},
{
"category": "product_name",
"name": "azl3 golang 1.24.3-1",
"product": {
"name": "azl3 golang 1.24.3-1",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.24.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 golang 1.16.14-1 as a component of CBL Mariner 1.0",
"product_id": "16820-4"
},
"product_reference": "4",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 golang 1.16.14-1 as a component of CBL Mariner 1.0",
"product_id": "18796-16820"
},
"product_reference": "18796",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.18.8-3 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.18.8-3 as a component of CBL Mariner 2.0",
"product_id": "18797-17086"
},
"product_reference": "18797",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
"product_id": "17021-17084"
},
"product_reference": "17021",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-tensorboard 2.11.0-3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.11.0-3 as a component of Azure Linux 3.0",
"product_id": "19696-17084"
},
"product_reference": "19696",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"18796-16820",
"18797-17086",
"17021-17084",
"19696-17084"
],
"known_affected": [
"16820-4",
"17086-3",
"17084-5",
"17084-2"
],
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-23806 Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-23806.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-18T00:00:00.000Z",
"details": "1.16.14-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2022-02-18T00:00:00.000Z",
"details": "1.18.8-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2022-02-18T00:00:00.000Z",
"details": "2.16.2-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-5",
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-4",
"17086-3",
"17084-5",
"17084-2"
]
}
],
"title": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element."
}
]
}
OPENSUSE-SU-2022:0723-1
Vulnerability from csaf_opensuse - Published: 2022-03-04 09:32 - Updated: 2022-03-04 09:32Summary
Security update for go1.17
Severity
Important
Notes
Title of the patch: Security update for go1.17
Description of the patch: This update for go1.17 fixes the following issues:
- CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838).
- CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835).
- CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834).
The following non-security bugs were fixed:
- go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements
- go#50701 math/big: Rat.SetString may consume large amount of RAM and crash
- go#50687 cmd/go: do not treat branches with semantic-version names as releases
- go#50942 cmd/asm: 'compile: loop' compiler bug?
- go#50867 cmd/compile: incorrect use of CMN on arm64
- go#50812 cmd/go: remove bitbucket VCS probing
- go#50781 runtime: incorrect frame information in traceback traversal may hang the process.
- go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
- go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
- go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
- go#50297 cmd/link: does not set section type of .init_array correctly
- go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package
Patchnames: openSUSE-SLE-15.3-2022-723,openSUSE-SLE-15.4-2022-723
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
19 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1190649 | self |
| https://bugzilla.suse.com/1195834 | self |
| https://bugzilla.suse.com/1195835 | self |
| https://bugzilla.suse.com/1195838 | self |
| https://www.suse.com/security/cve/CVE-2022-23772/ | self |
| https://www.suse.com/security/cve/CVE-2022-23773/ | self |
| https://www.suse.com/security/cve/CVE-2022-23806/ | self |
| https://www.suse.com/security/cve/CVE-2022-23772 | external |
| https://bugzilla.suse.com/1195835 | external |
| https://www.suse.com/security/cve/CVE-2022-23773 | external |
| https://bugzilla.suse.com/1195834 | external |
| https://www.suse.com/security/cve/CVE-2022-23806 | external |
| https://bugzilla.suse.com/1195838 | external |
| https://bugzilla.suse.com/1206559 | external |
| https://bugzilla.suse.com/1208723 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.17",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.17 fixes the following issues:\n\n- CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838).\n- CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835).\n- CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834).\n\nThe following non-security bugs were fixed:\n\n- go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements\n- go#50701 math/big: Rat.SetString may consume large amount of RAM and crash\n- go#50687 cmd/go: do not treat branches with semantic-version names as releases\n- go#50942 cmd/asm: \u0027compile: loop\u0027 compiler bug?\n- go#50867 cmd/compile: incorrect use of CMN on arm64\n- go#50812 cmd/go: remove bitbucket VCS probing\n- go#50781 runtime: incorrect frame information in traceback traversal may hang the process.\n- go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error\n- go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg\n- go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch\n- go#50297 cmd/link: does not set section type of .init_array correctly\n- go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of \u0027plugin\u0027 Package\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-723,openSUSE-SLE-15.4-2022-723",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0723-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0723-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OPXUBD6DBIW4WEXMYCUH5OXEVJIKJHR4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0723-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OPXUBD6DBIW4WEXMYCUH5OXEVJIKJHR4/"
},
{
"category": "self",
"summary": "SUSE Bug 1190649",
"url": "https://bugzilla.suse.com/1190649"
},
{
"category": "self",
"summary": "SUSE Bug 1195834",
"url": "https://bugzilla.suse.com/1195834"
},
{
"category": "self",
"summary": "SUSE Bug 1195835",
"url": "https://bugzilla.suse.com/1195835"
},
{
"category": "self",
"summary": "SUSE Bug 1195838",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23806/"
}
],
"title": "Security update for go1.17",
"tracking": {
"current_release_date": "2022-03-04T09:32:01Z",
"generator": {
"date": "2022-03-04T09:32:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0723-1",
"initial_release_date": "2022-03-04T09:32:01Z",
"revision_history": [
{
"date": "2022-03-04T09:32:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.aarch64",
"product": {
"name": "go1.17-1.17.7-1.20.1.aarch64",
"product_id": "go1.17-1.17.7-1.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.aarch64",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.aarch64",
"product_id": "go1.17-doc-1.17.7-1.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.20.1.aarch64",
"product": {
"name": "go1.17-race-1.17.7-1.20.1.aarch64",
"product_id": "go1.17-race-1.17.7-1.20.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.i586",
"product": {
"name": "go1.17-1.17.7-1.20.1.i586",
"product_id": "go1.17-1.17.7-1.20.1.i586"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.i586",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.i586",
"product_id": "go1.17-doc-1.17.7-1.20.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.ppc64le",
"product": {
"name": "go1.17-1.17.7-1.20.1.ppc64le",
"product_id": "go1.17-1.17.7-1.20.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.ppc64le",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.ppc64le",
"product_id": "go1.17-doc-1.17.7-1.20.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.s390x",
"product": {
"name": "go1.17-1.17.7-1.20.1.s390x",
"product_id": "go1.17-1.17.7-1.20.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.s390x",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.s390x",
"product_id": "go1.17-doc-1.17.7-1.20.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.20.1.x86_64",
"product": {
"name": "go1.17-1.17.7-1.20.1.x86_64",
"product_id": "go1.17-1.17.7-1.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.20.1.x86_64",
"product": {
"name": "go1.17-doc-1.17.7-1.20.1.x86_64",
"product_id": "go1.17-doc-1.17.7-1.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.20.1.x86_64",
"product": {
"name": "go1.17-race-1.17.7-1.20.1.x86_64",
"product_id": "go1.17-race-1.17.7-1.20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64"
},
"product_reference": "go1.17-1.17.7-1.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586"
},
"product_reference": "go1.17-1.17.7-1.20.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le"
},
"product_reference": "go1.17-1.17.7-1.20.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x"
},
"product_reference": "go1.17-1.17.7-1.20.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.20.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64"
},
"product_reference": "go1.17-1.17.7-1.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.20.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64"
},
"product_reference": "go1.17-doc-1.17.7-1.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.20.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64"
},
"product_reference": "go1.17-race-1.17.7-1.20.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.20.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
},
"product_reference": "go1.17-race-1.17.7-1.20.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23772"
}
],
"notes": [
{
"category": "general",
"text": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23772",
"url": "https://www.suse.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "SUSE Bug 1195835 for CVE-2022-23772",
"url": "https://bugzilla.suse.com/1195835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:32:01Z",
"details": "important"
}
],
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23773"
}
],
"notes": [
{
"category": "general",
"text": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23773",
"url": "https://www.suse.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "SUSE Bug 1195834 for CVE-2022-23773",
"url": "https://bugzilla.suse.com/1195834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:32:01Z",
"details": "moderate"
}
],
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23806"
}
],
"notes": [
{
"category": "general",
"text": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23806",
"url": "https://www.suse.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "SUSE Bug 1195838 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "external",
"summary": "SUSE Bug 1206559 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1206559"
},
{
"category": "external",
"summary": "SUSE Bug 1208723 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1208723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.i586",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.ppc64le",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.s390x",
"openSUSE Leap 15.3:go1.17-doc-1.17.7-1.20.1.x86_64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.aarch64",
"openSUSE Leap 15.3:go1.17-race-1.17.7-1.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:32:01Z",
"details": "important"
}
],
"title": "CVE-2022-23806"
}
]
}
OPENSUSE-SU-2022:0724-1
Vulnerability from csaf_opensuse - Published: 2022-03-04 09:34 - Updated: 2022-03-04 09:34Summary
Security update for go1.16
Severity
Important
Notes
Title of the patch: Security update for go1.16
Description of the patch: This update for go1.16 fixes the following issues:
- CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838).
- CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835).
- CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834).
The following non-security bugs were fixed:
- go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements
- go#50700 math/big: Rat.SetString may consume large amount of RAM and crash
- go#50686 cmd/go: do not treat branches with semantic-version names as releases
- go#50866 cmd/compile: incorrect use of CMN on arm64
- go#50832 runtime/race: NoRaceMutexPureHappensBefore failures
- go#50811 cmd/go: remove bitbucket VCS probing
- go#50780 runtime: incorrect frame information in traceback traversal may hang the process.
- go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
- go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
- go#50645 testing: surprising interaction of subtests with TempDir
- go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
- go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package
Patchnames: openSUSE-SLE-15.3-2022-724,openSUSE-SLE-15.4-2022-724
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
19 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1182345 | self |
| https://bugzilla.suse.com/1195834 | self |
| https://bugzilla.suse.com/1195835 | self |
| https://bugzilla.suse.com/1195838 | self |
| https://www.suse.com/security/cve/CVE-2022-23772/ | self |
| https://www.suse.com/security/cve/CVE-2022-23773/ | self |
| https://www.suse.com/security/cve/CVE-2022-23806/ | self |
| https://www.suse.com/security/cve/CVE-2022-23772 | external |
| https://bugzilla.suse.com/1195835 | external |
| https://www.suse.com/security/cve/CVE-2022-23773 | external |
| https://bugzilla.suse.com/1195834 | external |
| https://www.suse.com/security/cve/CVE-2022-23806 | external |
| https://bugzilla.suse.com/1195838 | external |
| https://bugzilla.suse.com/1206559 | external |
| https://bugzilla.suse.com/1208723 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.16 fixes the following issues:\n\n- CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838).\n- CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835).\n- CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834).\n\nThe following non-security bugs were fixed:\n\n- go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements\n- go#50700 math/big: Rat.SetString may consume large amount of RAM and crash\n- go#50686 cmd/go: do not treat branches with semantic-version names as releases\n- go#50866 cmd/compile: incorrect use of CMN on arm64\n- go#50832 runtime/race: NoRaceMutexPureHappensBefore failures\n- go#50811 cmd/go: remove bitbucket VCS probing\n- go#50780 runtime: incorrect frame information in traceback traversal may hang the process.\n- go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error\n- go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg\n- go#50645 testing: surprising interaction of subtests with TempDir\n- go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch\n- go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of \u0027plugin\u0027 Package\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-724,openSUSE-SLE-15.4-2022-724",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0724-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0724-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IMRYQV73OUYCKMEO4GSE5KGQ7EEQYJHV/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0724-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IMRYQV73OUYCKMEO4GSE5KGQ7EEQYJHV/"
},
{
"category": "self",
"summary": "SUSE Bug 1182345",
"url": "https://bugzilla.suse.com/1182345"
},
{
"category": "self",
"summary": "SUSE Bug 1195834",
"url": "https://bugzilla.suse.com/1195834"
},
{
"category": "self",
"summary": "SUSE Bug 1195835",
"url": "https://bugzilla.suse.com/1195835"
},
{
"category": "self",
"summary": "SUSE Bug 1195838",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23806/"
}
],
"title": "Security update for go1.16",
"tracking": {
"current_release_date": "2022-03-04T09:34:13Z",
"generator": {
"date": "2022-03-04T09:34:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0724-1",
"initial_release_date": "2022-03-04T09:34:13Z",
"revision_history": [
{
"date": "2022-03-04T09:34:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.43.1.aarch64",
"product": {
"name": "go1.16-1.16.14-1.43.1.aarch64",
"product_id": "go1.16-1.16.14-1.43.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.43.1.aarch64",
"product": {
"name": "go1.16-doc-1.16.14-1.43.1.aarch64",
"product_id": "go1.16-doc-1.16.14-1.43.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.43.1.aarch64",
"product": {
"name": "go1.16-race-1.16.14-1.43.1.aarch64",
"product_id": "go1.16-race-1.16.14-1.43.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.43.1.ppc64le",
"product": {
"name": "go1.16-1.16.14-1.43.1.ppc64le",
"product_id": "go1.16-1.16.14-1.43.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.43.1.ppc64le",
"product": {
"name": "go1.16-doc-1.16.14-1.43.1.ppc64le",
"product_id": "go1.16-doc-1.16.14-1.43.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.43.1.s390x",
"product": {
"name": "go1.16-1.16.14-1.43.1.s390x",
"product_id": "go1.16-1.16.14-1.43.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.43.1.s390x",
"product": {
"name": "go1.16-doc-1.16.14-1.43.1.s390x",
"product_id": "go1.16-doc-1.16.14-1.43.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.43.1.x86_64",
"product": {
"name": "go1.16-1.16.14-1.43.1.x86_64",
"product_id": "go1.16-1.16.14-1.43.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.43.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.14-1.43.1.x86_64",
"product_id": "go1.16-doc-1.16.14-1.43.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.43.1.x86_64",
"product": {
"name": "go1.16-race-1.16.14-1.43.1.x86_64",
"product_id": "go1.16-race-1.16.14-1.43.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.43.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64"
},
"product_reference": "go1.16-1.16.14-1.43.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.43.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le"
},
"product_reference": "go1.16-1.16.14-1.43.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.43.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x"
},
"product_reference": "go1.16-1.16.14-1.43.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.43.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64"
},
"product_reference": "go1.16-1.16.14-1.43.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.43.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64"
},
"product_reference": "go1.16-doc-1.16.14-1.43.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.43.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le"
},
"product_reference": "go1.16-doc-1.16.14-1.43.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.43.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x"
},
"product_reference": "go1.16-doc-1.16.14-1.43.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.43.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.14-1.43.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.43.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64"
},
"product_reference": "go1.16-race-1.16.14-1.43.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.43.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
},
"product_reference": "go1.16-race-1.16.14-1.43.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23772"
}
],
"notes": [
{
"category": "general",
"text": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23772",
"url": "https://www.suse.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "SUSE Bug 1195835 for CVE-2022-23772",
"url": "https://bugzilla.suse.com/1195835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:34:13Z",
"details": "important"
}
],
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23773"
}
],
"notes": [
{
"category": "general",
"text": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23773",
"url": "https://www.suse.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "SUSE Bug 1195834 for CVE-2022-23773",
"url": "https://bugzilla.suse.com/1195834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:34:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23806"
}
],
"notes": [
{
"category": "general",
"text": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23806",
"url": "https://www.suse.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "SUSE Bug 1195838 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "external",
"summary": "SUSE Bug 1206559 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1206559"
},
{
"category": "external",
"summary": "SUSE Bug 1208723 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1208723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.ppc64le",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.s390x",
"openSUSE Leap 15.3:go1.16-doc-1.16.14-1.43.1.x86_64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.aarch64",
"openSUSE Leap 15.3:go1.16-race-1.16.14-1.43.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-04T09:34:13Z",
"details": "important"
}
],
"title": "CVE-2022-23806"
}
]
}
OPENSUSE-SU-2024:11843-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.16-1.16.14-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.16-1.16.14-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.16-1.16.14-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11843
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2022-23772/ | self |
| https://www.suse.com/security/cve/CVE-2022-23773/ | self |
| https://www.suse.com/security/cve/CVE-2022-23806/ | self |
| https://www.suse.com/security/cve/CVE-2022-23772 | external |
| https://bugzilla.suse.com/1195835 | external |
| https://www.suse.com/security/cve/CVE-2022-23773 | external |
| https://bugzilla.suse.com/1195834 | external |
| https://www.suse.com/security/cve/CVE-2022-23806 | external |
| https://bugzilla.suse.com/1195838 | external |
| https://bugzilla.suse.com/1206559 | external |
| https://bugzilla.suse.com/1208723 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.16-1.16.14-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.16-1.16.14-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11843",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11843-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23806/"
}
],
"title": "go1.16-1.16.14-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11843-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.1.aarch64",
"product": {
"name": "go1.16-1.16.14-1.1.aarch64",
"product_id": "go1.16-1.16.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.1.aarch64",
"product": {
"name": "go1.16-doc-1.16.14-1.1.aarch64",
"product_id": "go1.16-doc-1.16.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.1.aarch64",
"product": {
"name": "go1.16-race-1.16.14-1.1.aarch64",
"product_id": "go1.16-race-1.16.14-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.1.ppc64le",
"product": {
"name": "go1.16-1.16.14-1.1.ppc64le",
"product_id": "go1.16-1.16.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.1.ppc64le",
"product": {
"name": "go1.16-doc-1.16.14-1.1.ppc64le",
"product_id": "go1.16-doc-1.16.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.1.ppc64le",
"product": {
"name": "go1.16-race-1.16.14-1.1.ppc64le",
"product_id": "go1.16-race-1.16.14-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.1.s390x",
"product": {
"name": "go1.16-1.16.14-1.1.s390x",
"product_id": "go1.16-1.16.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.1.s390x",
"product": {
"name": "go1.16-doc-1.16.14-1.1.s390x",
"product_id": "go1.16-doc-1.16.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.1.s390x",
"product": {
"name": "go1.16-race-1.16.14-1.1.s390x",
"product_id": "go1.16-race-1.16.14-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.14-1.1.x86_64",
"product": {
"name": "go1.16-1.16.14-1.1.x86_64",
"product_id": "go1.16-1.16.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.14-1.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.14-1.1.x86_64",
"product_id": "go1.16-doc-1.16.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.14-1.1.x86_64",
"product": {
"name": "go1.16-race-1.16.14-1.1.x86_64",
"product_id": "go1.16-race-1.16.14-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64"
},
"product_reference": "go1.16-1.16.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le"
},
"product_reference": "go1.16-1.16.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x"
},
"product_reference": "go1.16-1.16.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64"
},
"product_reference": "go1.16-1.16.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64"
},
"product_reference": "go1.16-doc-1.16.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le"
},
"product_reference": "go1.16-doc-1.16.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x"
},
"product_reference": "go1.16-doc-1.16.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64"
},
"product_reference": "go1.16-race-1.16.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le"
},
"product_reference": "go1.16-race-1.16.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x"
},
"product_reference": "go1.16-race-1.16.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
},
"product_reference": "go1.16-race-1.16.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23772"
}
],
"notes": [
{
"category": "general",
"text": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23772",
"url": "https://www.suse.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "SUSE Bug 1195835 for CVE-2022-23772",
"url": "https://bugzilla.suse.com/1195835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23773"
}
],
"notes": [
{
"category": "general",
"text": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23773",
"url": "https://www.suse.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "SUSE Bug 1195834 for CVE-2022-23773",
"url": "https://bugzilla.suse.com/1195834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23806"
}
],
"notes": [
{
"category": "general",
"text": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23806",
"url": "https://www.suse.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "SUSE Bug 1195838 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "external",
"summary": "SUSE Bug 1206559 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1206559"
},
{
"category": "external",
"summary": "SUSE Bug 1208723 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1208723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.14-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.14-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23806"
}
]
}
OPENSUSE-SU-2024:11844-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.17-1.17.7-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.17-1.17.7-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.17-1.17.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11844
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2022-23772/ | self |
| https://www.suse.com/security/cve/CVE-2022-23773/ | self |
| https://www.suse.com/security/cve/CVE-2022-23806/ | self |
| https://www.suse.com/security/cve/CVE-2022-23772 | external |
| https://bugzilla.suse.com/1195835 | external |
| https://www.suse.com/security/cve/CVE-2022-23773 | external |
| https://bugzilla.suse.com/1195834 | external |
| https://www.suse.com/security/cve/CVE-2022-23806 | external |
| https://bugzilla.suse.com/1195838 | external |
| https://bugzilla.suse.com/1206559 | external |
| https://bugzilla.suse.com/1208723 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.17-1.17.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.17-1.17.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11844",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11844-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23806/"
}
],
"title": "go1.17-1.17.7-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11844-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.1.aarch64",
"product": {
"name": "go1.17-1.17.7-1.1.aarch64",
"product_id": "go1.17-1.17.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.1.aarch64",
"product": {
"name": "go1.17-doc-1.17.7-1.1.aarch64",
"product_id": "go1.17-doc-1.17.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.1.aarch64",
"product": {
"name": "go1.17-race-1.17.7-1.1.aarch64",
"product_id": "go1.17-race-1.17.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.1.ppc64le",
"product": {
"name": "go1.17-1.17.7-1.1.ppc64le",
"product_id": "go1.17-1.17.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.1.ppc64le",
"product": {
"name": "go1.17-doc-1.17.7-1.1.ppc64le",
"product_id": "go1.17-doc-1.17.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.1.ppc64le",
"product": {
"name": "go1.17-race-1.17.7-1.1.ppc64le",
"product_id": "go1.17-race-1.17.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.1.s390x",
"product": {
"name": "go1.17-1.17.7-1.1.s390x",
"product_id": "go1.17-1.17.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.1.s390x",
"product": {
"name": "go1.17-doc-1.17.7-1.1.s390x",
"product_id": "go1.17-doc-1.17.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.1.s390x",
"product": {
"name": "go1.17-race-1.17.7-1.1.s390x",
"product_id": "go1.17-race-1.17.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.7-1.1.x86_64",
"product": {
"name": "go1.17-1.17.7-1.1.x86_64",
"product_id": "go1.17-1.17.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.7-1.1.x86_64",
"product": {
"name": "go1.17-doc-1.17.7-1.1.x86_64",
"product_id": "go1.17-doc-1.17.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.7-1.1.x86_64",
"product": {
"name": "go1.17-race-1.17.7-1.1.x86_64",
"product_id": "go1.17-race-1.17.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64"
},
"product_reference": "go1.17-1.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le"
},
"product_reference": "go1.17-1.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x"
},
"product_reference": "go1.17-1.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64"
},
"product_reference": "go1.17-1.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64"
},
"product_reference": "go1.17-doc-1.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le"
},
"product_reference": "go1.17-doc-1.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x"
},
"product_reference": "go1.17-doc-1.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64"
},
"product_reference": "go1.17-doc-1.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64"
},
"product_reference": "go1.17-race-1.17.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le"
},
"product_reference": "go1.17-race-1.17.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x"
},
"product_reference": "go1.17-race-1.17.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
},
"product_reference": "go1.17-race-1.17.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23772"
}
],
"notes": [
{
"category": "general",
"text": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23772",
"url": "https://www.suse.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "SUSE Bug 1195835 for CVE-2022-23772",
"url": "https://bugzilla.suse.com/1195835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23773"
}
],
"notes": [
{
"category": "general",
"text": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23773",
"url": "https://www.suse.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "SUSE Bug 1195834 for CVE-2022-23773",
"url": "https://bugzilla.suse.com/1195834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23806"
}
],
"notes": [
{
"category": "general",
"text": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23806",
"url": "https://www.suse.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "SUSE Bug 1195838 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1195838"
},
{
"category": "external",
"summary": "SUSE Bug 1206559 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1206559"
},
{
"category": "external",
"summary": "SUSE Bug 1208723 for CVE-2022-23806",
"url": "https://bugzilla.suse.com/1208723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-doc-1.17.7-1.1.x86_64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.aarch64",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.ppc64le",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.s390x",
"openSUSE Tumbleweed:go1.17-race-1.17.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23806"
}
]
}
RHSA-2022:1081
Vulnerability from csaf_redhat - Published: 2022-03-28 14:14 - Updated: 2026-02-28 01:43Summary
Red Hat Security Advisory: Gatekeeper Operator v0.2 security updates and bug fixes
Severity
Moderate
Notes
Topic: Gatekeeper Operator v0.2
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Gatekeeper Operator v0.2
Gatekeeper is an open source project that applies the OPA Constraint
Framework to enforce policies on your Kubernetes clusters.
This advisory contains the container images for Gatekeeper that include security updates, and container upgrades.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Note: Gatekeeper support from the Red Hat support team is limited cases
where it is integrated and used with Red Hat Advanced Cluster Management
for Kubernetes. For support options for any other use, see the Gatekeeper
open source project website at:
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.
Security updates:
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
7.1 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64 | — |
Threats
Impact
Moderate
References
15 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2022:1081 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://open-policy-agent.github.io/gatekeeper/we… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2030787 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2053429 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2021-43565 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2030787 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-43565 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-43565 | external |
| https://access.redhat.com/security/cve/CVE-2022-23806 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2053429 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-23806 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-23806 | external |
| https://groups.google.com/g/golang-announce/c/SUs… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Gatekeeper Operator v0.2\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Gatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include security updates, and container upgrades.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\nNote: Gatekeeper support from the Red Hat support team is limited cases\nwhere it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/.\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1081",
"url": "https://access.redhat.com/errata/RHSA-2022:1081"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/",
"url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
},
{
"category": "external",
"summary": "2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1081.json"
}
],
"title": "Red Hat Security Advisory: Gatekeeper Operator v0.2 security updates and bug fixes",
"tracking": {
"current_release_date": "2026-02-28T01:43:02+00:00",
"generator": {
"date": "2026-02-28T01:43:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2022:1081",
"initial_release_date": "2022-03-28T14:14:19+00:00",
"revision_history": [
{
"date": "2022-03-28T14:14:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-28T14:14:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-28T01:43:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product_id": "8Base-RHACM-2.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat ACM"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x",
"product": {
"name": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x",
"product_id": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8\u0026tag=v3.5.3-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"product": {
"name": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"product_id": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8-operator\u0026tag=v0.2.2-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"product": {
"name": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"product_id": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8\u0026tag=v3.5.3-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
"product": {
"name": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
"product_id": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-operator-bundle\u0026tag=v0.2.2-13"
}
}
},
{
"category": "product_version",
"name": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"product": {
"name": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"product_id": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-operator-bundle\u0026tag=v0.2.2-14"
}
}
},
{
"category": "product_version",
"name": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"product": {
"name": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"product_id": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8-operator\u0026tag=v0.2.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"product": {
"name": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"product_id": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8\u0026tag=v3.5.3-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"product": {
"name": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"product_id": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8-operator\u0026tag=v0.2.2-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64"
},
"product_reference": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"relates_to_product_reference": "8Base-RHACM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
},
"product_reference": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
"relates_to_product_reference": "8Base-RHACM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x"
},
"product_reference": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"relates_to_product_reference": "8Base-RHACM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le"
},
"product_reference": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64"
},
"product_reference": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"relates_to_product_reference": "8Base-RHACM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le"
},
"product_reference": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64"
},
"product_reference": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"relates_to_product_reference": "8Base-RHACM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
"product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
},
"product_reference": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x",
"relates_to_product_reference": "8Base-RHACM-2.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43565",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030787"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto: empty plaintext packet causes panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code.\n\nThis flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
],
"known_not_affected": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43565"
},
{
"category": "external",
"summary": "RHBZ#2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
}
],
"release_date": "2021-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T14:14:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThe requirements to apply the upgraded images are different whether or not you\nused the operator. Complete the following steps, depending on your installation:\n\n- Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy has\n`installPlanApproval` set to `Automatic`. This setting means the operator will\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for `installPlanApproval` to `manual`, then you must view each cluster to manually\napprove the upgrade to the operator.\n\n- Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9.\nb) Click the tag dropdown, and find the latest static tag. An example tag is\n\u0027v3.3.0-1\u0027.\nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image: \u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027.\n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information.",
"product_ids": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1081"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto: empty plaintext packet causes panic"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
],
"known_not_affected": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T14:14:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThe requirements to apply the upgraded images are different whether or not you\nused the operator. Complete the following steps, depending on your installation:\n\n- Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy has\n`installPlanApproval` set to `Automatic`. This setting means the operator will\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for `installPlanApproval` to `manual`, then you must view each cluster to manually\napprove the upgrade to the operator.\n\n- Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9.\nb) Click the tag dropdown, and find the latest static tag. An example tag is\n\u0027v3.3.0-1\u0027.\nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image: \u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027.\n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information.",
"product_ids": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1081"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
"8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…